go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

Combodo iTop - Reflected XSS

TVN ID TVN-202004005
Public Date 2020-08-10
Affected Products Combodo iTop versions prior to 2.7.0-beta2
Description Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE ID CVE-2020-12778
Solution Update to version 2.7.1
Credit 黃榆翔、蔡仲南、Tseng, Yung-Hao
Top