Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-10642
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerab...
Combodo Itop
383
VMScore
CVE-2019-13966
In iTop up to and including 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
Combodo Itop
NA
CVE-2022-39214
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
NA
CVE-2022-39216
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
445
VMScore
CVE-2019-13967
iTop 2.2.0 up to and including 2.6.0 allows remote malicious users to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&...
Combodo Itop
490
VMScore
CVE-2019-19821
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTo...
Combodo Itop
NA
CVE-2023-34446
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Combodo Itop 3.0.3
383
VMScore
CVE-2022-31402
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Combodo Itop 3.0.1
383
VMScore
CVE-2022-31403
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
Combodo Itop 3.0.1
312
VMScore
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases before 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users ...
Combodo Itop 3.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »