← back
CVE-2020-15221

XSS in the breadcrumbs

CVSS 6.8 MEDIUMEPSS 0.6%CWE-79
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected products
Combodo · iTop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw