CVE-2020-11696

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combodo:itop:*:*:*:*:essential:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:professional:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:community:*:*:*

Information

Published : 2020-06-05 15:15

Updated : 2020-06-10 18:33


NVD link : CVE-2020-11696

Mitre link : CVE-2020-11696


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

combodo

  • itop