Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-13965
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop up to and including 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the ...
Combodo Itop
6.1
CVSSv3
CVE-2019-13966
In iTop up to and including 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
Combodo Itop
7.5
CVSSv3
CVE-2019-13967
iTop 2.2.0 up to and including 2.6.0 allows remote malicious users to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&...
Combodo Itop
6.1
CVSSv3
CVE-2020-11696
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
Combodo Itop
8.1
CVSSv3
CVE-2019-19821
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTo...
Combodo Itop
7.5
CVSSv3
CVE-2020-12780
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
Combodo Itop
6.1
CVSSv3
CVE-2020-11697
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
Combodo Itop
6.1
CVSSv3
CVE-2015-6544
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop prior to 2.2.0-2459 allows remote malicious users to inject arbitrary web script or HTML via a dashboard title.
Combodo Itop
7.5
CVSSv3
CVE-2022-39214
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
8.1
CVSSv3
CVE-2019-11215
In Combodo iTop 2.2.0 up to and including 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: duri...
Combodo Itop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »