CVE-2020-15221

Опубликовано: 13 янв. 2021

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.

Ссылки

https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 2.7.2 (исключая)

cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00282

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 51%

0.00282

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79