{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T12:14:03.376","vulnerabilities":[{"cve":{"id":"CVE-2020-11696","sourceIdentifier":"cve@mitre.org","published":"2020-06-05T22:15:11.993","lastModified":"2024-11-21T04:58:25.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4."},{"lang":"es","value":"En Combodo iTop, un nombre de acceso directo de menú puede ser explotado con una carga de tipo XSS almacenado. Esto es corregido en todos los paquetes iTop (community, essential, professional) en la versión 2.7.0 y iTop essential e iTop professional en la versión 2.6.4"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:essential:*:*:*","versionEndExcluding":"2.6.4","matchCriteriaId":"B7CAFC31-E49E-4284-AF7A-25A6409BDFA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:professional:*:*:*","versionEndExcluding":"2.6.4","matchCriteriaId":"D4FA0F6A-DB5F-4A71-AF65-FAF579DFCFE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:community:*:*:*","versionEndExcluding":"2.7.0","matchCriteriaId":"B390EAB3-09BD-4653-BDFD-F5D7937391E7"}]}]}],"references":[{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-4h6p-jghj-8qxm","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3Achange_log","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-4h6p-jghj-8qxm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3Achange_log","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}