Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-0805
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression par...
Combodo Itop 1.2.1
Combodo Itop 1.2
Combodo Itop 1.0.2
Combodo Itop 0.8
Combodo Itop 0.7.2
Combodo Itop 2.0
Combodo Itop 1.1
Combodo Itop 0.9
Combodo Itop 0.8.1.3
Combodo Itop 1.2.0
Combodo Itop 1.0.1
Combodo Itop 1.0
Combodo Itop 0.7.1
Combodo Itop
Combodo Itop 1.1.181
Combodo Itop 0.9.1
6.5
CVSSv2
CVE-2021-21406
Combodo iTop is an open source, web based IT Service Management tool. In versions before 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 2.7.5
Combodo Itop 2.7.5-1
6.5
CVSSv2
CVE-2022-24780
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is f...
Combodo Itop 3.0.0
Combodo Itop
1 Github repository
4.3
CVSSv2
CVE-2021-41162
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. ...
Combodo Itop 3.0.0
Combodo Itop
5
CVSSv2
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized malicious user to inject command and disclose system information.
Combodo Itop 3.0.0
Combodo Itop
4.3
CVSSv2
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
Combodo Itop 3.0.0
Combodo Itop
3.5
CVSSv2
CVE-2020-12779
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
Combodo Itop
Combodo Itop 2.7.0
6.8
CVSSv2
CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
Combodo Itop 3.0.0
Combodo Itop
6.8
CVSSv2
CVE-2021-32776
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
3.5
CVSSv2
CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »