Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39216
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
Combodo Itop
383
VMScore
CVE-2019-13965
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop up to and including 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the ...
Combodo Itop
383
VMScore
CVE-2019-13966
In iTop up to and including 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
Combodo Itop
516
VMScore
CVE-2021-41245
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by a...
Combodo Itop
490
VMScore
CVE-2019-19821
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTo...
Combodo Itop
NA
CVE-2023-34446
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Combodo Itop 3.0.3
312
VMScore
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases before 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users ...
Combodo Itop 3.0.0
383
VMScore
CVE-2022-31403
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
Combodo Itop 3.0.1
383
VMScore
CVE-2022-31402
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Combodo Itop 3.0.1
NA
CVE-2023-47488
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local malicious user to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
Combodo Itop 3.1.0-2-11973
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »