cvelist/2020/15xxx/CVE-2020-15221.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15221",
        "STATE": "PUBLIC",
        "TITLE": "XSS in the breadcrumbs"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "iTop",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "< 2.7.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Combodo"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw",
                "refsource": "CONFIRM",
                "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-w6g2-p7pf-7hvw",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`{`
			`"CVE_data_meta": {`
Add CVE-2020-15221 for GHSA-w6g2-p7pf-7hvw 2021-01-13 10:04:45 -07:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`"ID": "CVE-2020-15221",`
Add CVE-2020-15221 for GHSA-w6g2-p7pf-7hvw 2021-01-13 10:04:45 -07:00			`"STATE": "PUBLIC",`
			`"TITLE": "XSS in the breadcrumbs"`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`},`
Add CVE-2020-15221 for GHSA-w6g2-p7pf-7hvw 2021-01-13 10:04:45 -07:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "iTop",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "< 2.7.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Combodo"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-01-13 18:02:39 +00:00			`"value": "Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0."`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`}`
			`]`
Add CVE-2020-15221 for GHSA-w6g2-p7pf-7hvw 2021-01-13 10:04:45 -07:00			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.8,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79 Cross-site Scripting (XSS)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-w6g2-p7pf-7hvw",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`}`
			`}`