{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.0.0-beta1" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.7.1" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta3" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta4" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta5" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta6" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta7" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta8" }, { "introduced": "0" }, { "last_affected": "3.0.0-rc" } ] }, "events": [ { "introduced": "0" }, { "fixed": "94f9b16c03c4f9a232f677212aecde616b09b95e" }, { "introduced": "0" }, { "last_affected": "fc24746862778d60fd135c076aa1d621a723f965" }, { "introduced": "0" }, { "last_affected": "94fdc79be58b298ff5d1215c3b6103c0b1f19fed" }, { "introduced": "0" }, { "last_affected": "aa9ab1ace5bf85fa4150fa9b0227382ee138817d" }, { "introduced": "0" }, { "last_affected": "007e1ded0db683e3459d70eb7665e166676a95f6" }, { "introduced": "0" }, { "last_affected": "8e0ae67803ee0289a161552d86f78c6c71529343" }, { "introduced": "0" }, { "last_affected": "f9fc85e763daa10cd553c983c01a3af451fa57d1" }, { "introduced": "0" }, { "last_affected": "b0904cabfddc875b24ca6e144e83b3fccbf187df" }, { "introduced": "0" }, { "last_affected": "e23c41232dc690ff1d511eb16534cf818dc3cd52" }, { "introduced": "0" }, { "last_affected": "827a108a380398b7a45809a58321eb92f01c51ea" }, { "introduced": "0" }, { "last_affected": "9bfa60d272c2a4246198334d55d966ac8bed098e" } ], "repo": "https://github.com/combodo/itop", "type": "GIT" } ] } ], "details": "Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.", "id": "CVE-2020-12778", "modified": "2026-03-15T21:48:18.796311060Z", "published": "2020-08-10T03:15:12.637Z", "references": [ { "type": "ADVISORY", "url": "https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html" }, { "type": "ADVISORY", "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv" } ], "related": [ "GHSA-8vpf-8vjh-5fcv" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }