{"id":"CVE-2020-12778","details":"Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.","modified":"2026-04-10T04:22:06.686848Z","published":"2020-08-10T03:15:12.637Z","related":["GHSA-8vpf-8vjh-5fcv"],"references":[{"type":"ADVISORY","url":"https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html"},{"type":"ADVISORY","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"0"},{"fixed":"94f9b16c03c4f9a232f677212aecde616b09b95e"},{"introduced":"0"},{"last_affected":"fc24746862778d60fd135c076aa1d621a723f965"},{"introduced":"0"},{"last_affected":"94fdc79be58b298ff5d1215c3b6103c0b1f19fed"},{"introduced":"0"},{"last_affected":"aa9ab1ace5bf85fa4150fa9b0227382ee138817d"},{"introduced":"0"},{"last_affected":"007e1ded0db683e3459d70eb7665e166676a95f6"},{"introduced":"0"},{"last_affected":"8e0ae67803ee0289a161552d86f78c6c71529343"},{"introduced":"0"},{"last_affected":"f9fc85e763daa10cd553c983c01a3af451fa57d1"},{"introduced":"0"},{"last_affected":"b0904cabfddc875b24ca6e144e83b3fccbf187df"},{"introduced":"0"},{"last_affected":"e23c41232dc690ff1d511eb16534cf818dc3cd52"},{"introduced":"0"},{"last_affected":"827a108a380398b7a45809a58321eb92f01c51ea"},{"introduced":"0"},{"last_affected":"9bfa60d272c2a4246198334d55d966ac8bed098e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.1"},{"introduced":"0"},{"last_affected":"3.0.0-alpha"},{"introduced":"0"},{"last_affected":"3.0.0-beta"},{"introduced":"0"},{"last_affected":"3.0.0-beta2"},{"introduced":"0"},{"last_affected":"3.0.0-beta3"},{"introduced":"0"},{"last_affected":"3.0.0-beta4"},{"introduced":"0"},{"last_affected":"3.0.0-beta5"},{"introduced":"0"},{"last_affected":"3.0.0-beta6"},{"introduced":"0"},{"last_affected":"3.0.0-beta7"},{"introduced":"0"},{"last_affected":"3.0.0-beta8"},{"introduced":"0"},{"last_affected":"3.0.0-rc"}]}}],"versions":["2.6.1","2.6.2","2.6.3","2.7.0-alpha1","2.7.0-beta","2.7.0-beta2","3","3.0.0-alpha","3.0.0-beta","3.0.0-beta2","3.0.0-beta3","3.0.0-beta4","3.0.0-beta5","3.0.0-beta6","3.0.0-beta7","3.0.0-beta8","3.0.0-rc","N1963","N2011","N2016","N941","N941-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12778.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}