Product:

Itop

(Combodo)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 48
Date Id Summary Products Score Patch Annotated
2023-11-09 CVE-2023-47488 Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. Itop 6.1
2023-10-25 CVE-2023-34446 iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. Itop 6.1
2023-10-25 CVE-2023-34447 iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. Itop 6.1
2023-03-14 CVE-2022-39216 Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1. Itop 9.8
2023-03-14 CVE-2022-39214 Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1. Itop 7.5
2020-08-10 CVE-2020-12777 A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Itop 7.5
2020-08-10 CVE-2020-12778 Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Itop 6.1
2020-08-10 CVE-2020-12781 Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Itop 8.8
2022-04-05 CVE-2022-24780 Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. Itop 8.8
2022-06-14 CVE-2022-31403 ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. Itop 6.1