CVE-2020-11697

{"id": "CVE-2020-11697", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-06-05T21:15:12.157", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-xfh9-5632-hxmv", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3A2_7_whats_new", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-xfh9-5632-hxmv", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3A2_7_whats_new", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4."}, {"lang": "es", "value": "En Combodo iTop, los id del panel de control pueden ser explotados con una carga \u00fatil XSS reflexiva. Esto es corregido en todos los paquetes iTop (community, essential, professional) para la versi\u00f3n 2.7.0 y en los paquetes iTop essential e iTop professional para la versi\u00f3n 2.6.4"}], "lastModified": "2024-11-21T04:58:25.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:essential:*:*:*", "vulnerable": true, "matchCriteriaId": "B7CAFC31-E49E-4284-AF7A-25A6409BDFA9", "versionEndExcluding": "2.6.4"}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "D4FA0F6A-DB5F-4A71-AF65-FAF579DFCFE7", "versionEndExcluding": "2.6.4"}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B390EAB3-09BD-4653-BDFD-F5D7937391E7", "versionEndExcluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}