Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-47488
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local malicious user to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
Combodo Itop 3.1.0-2-11973
7.8
CVSSv3
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local malicious user to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.
Combodo Itop 3.1.0-2-11973
6.1
CVSSv3
CVE-2023-34446
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Combodo Itop 3.0.3
6.1
CVSSv3
CVE-2023-34447
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Combodo Itop
7.5
CVSSv3
CVE-2022-39214
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
9.8
CVSSv3
CVE-2022-39216
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
6.1
CVSSv3
CVE-2022-31403
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
Combodo Itop 3.0.1
6.1
CVSSv3
CVE-2022-31402
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Combodo Itop 3.0.1
5.4
CVSSv3
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases before 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users ...
Combodo Itop 3.0.0
6.1
CVSSv3
CVE-2021-41161
Combodo iTop is a web based IT Service Management tool. In versions before 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarou...
Combodo Itop 3.0.0
Combodo Itop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »