Impact
When called with an invalid token, the restore backup script displays the token value but doesn't escape it properly.
Patches
- 2.7.1 : packages community, essential, professional
- 3.0.0 : to be published
Credits
Many thanks to TW/CERT for his report !
References
Combodo ref N°2988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12778
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com
Impact
When called with an invalid token, the restore backup script displays the token value but doesn't escape it properly.
Patches
Credits
Many thanks to TW/CERT for his report !
References
Combodo ref N°2988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12778
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com