CVE-2020-11696

{"id": "CVE-2020-11696", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-06-05T22:15:11.993", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-4h6p-jghj-8qxm", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3Achange_log", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-4h6p-jghj-8qxm", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3Achange_log", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4."}, {"lang": "es", "value": "En Combodo iTop, un nombre de acceso directo de men\u00fa puede ser explotado con una carga de tipo XSS almacenado. Esto es corregido en todos los paquetes iTop (community, essential, professional) en la versi\u00f3n 2.7.0 y iTop essential e iTop professional en la versi\u00f3n 2.6.4"}], "lastModified": "2024-11-21T04:58:25.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:essential:*:*:*", "vulnerable": true, "matchCriteriaId": "B7CAFC31-E49E-4284-AF7A-25A6409BDFA9", "versionEndExcluding": "2.6.4"}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "D4FA0F6A-DB5F-4A71-AF65-FAF579DFCFE7", "versionEndExcluding": "2.6.4"}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B390EAB3-09BD-4653-BDFD-F5D7937391E7", "versionEndExcluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}