Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-0805
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expression par...
Combodo Itop 1.2.1
Combodo Itop 1.2
Combodo Itop 1.0.2
Combodo Itop 0.8
Combodo Itop 0.7.2
Combodo Itop 2.0
Combodo Itop 1.1
Combodo Itop 0.9
Combodo Itop 0.8.1.3
Combodo Itop 1.2.0
Combodo Itop 1.0.1
Combodo Itop 1.0
Combodo Itop 0.7.1
Combodo Itop
Combodo Itop 1.1.181
Combodo Itop 0.9.1
6.5
CVSSv2
CVE-2021-21406
Combodo iTop is an open source, web based IT Service Management tool. In versions before 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 2.7.5
Combodo Itop 2.7.5-1
4
CVSSv2
CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which t...
Combodo Itop
Combodo Itop 2.7.3
5
CVSSv2
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized malicious user to inject command and disclose system information.
Combodo Itop 3.0.0
Combodo Itop
4.3
CVSSv2
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
Combodo Itop 3.0.0
Combodo Itop
4
CVSSv2
CVE-2021-32775
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
6.8
CVSSv2
CVE-2021-32776
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
3.5
CVSSv2
CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
4
CVSSv2
CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
5.8
CVSSv2
CVE-2020-15220
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »