CVE-2020-15221 MEDIUM

CVE-2020-15221: XSS in the breadcrumbs

Vendor Combodo

Product iTop

Weakness CWE-79 · XSS

Published January 13, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.

Key dates

02Disclosure timeline

January 13, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-15221

Related vulnerabilities

04Related CVE

CVE-2023-6694 Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-28931 WordPress Post Connector Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) CVE-2026-3278 XSS Vulnerability discovered in OpenText™ ZENworks Service Desk. CVE-2026-7377 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID