CVE-2020-12779 – Combodo iTop - Stored XSS
https://notcve.org/view.php?id=CVE-2020-12779
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be exploited by uploading a file containing a malicious script. • https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247 https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12778 – Combodo iTop - Reflected XSS
https://notcve.org/view.php?id=CVE-2020-12778
Combodo iTop does not validate input parameters, so attackers can inject malicious commands and launch an XSS attack. • https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12777 – Combodo iTop - Broken Access Control
https://notcve.org/view.php?id=CVE-2020-12777
A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. • https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2 https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor