CVE-2020-15221 Information

Description

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, an XSS can be generated in the iTop console breadcrumb by modifying the target browser's local storage. This is fixed in versions 2.7.2 and 3.0.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
