Combodo iTop

81 CVEs affecting Combodo iTop. Latest disclosed: 2025-11-10. Critical: 4, High: 39.

Top CVEs affecting Combodo iTop
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-48710 | Critical | 9.8 | 2024-04-15 | iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully… |
| CVE-2022-39214 | Critical | 9.6 | 2023-03-14 | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take ov… |
| CVE-2021-41162 | Critical | 9.3 | 2022-04-21 | Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not proper… |
| CVE-2021-41161 | Critical | 9.3 | 2022-04-21 | Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user supplied parameters… |
| CVE-2025-48065 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error co… |
| CVE-2025-47932 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered… |
| CVE-2025-47773 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited vi… |
| CVE-2024-52002 | High | 8.8 | 2024-11-08 | Combodo iTop is a simple, web based IT Service Management tool. Several URL endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please… |
| CVE-2024-31998 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 a… |
| CVE-2024-31448 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, a Cross-site Scripting (XSS) attack can be perform… |
| CVE-2023-34445 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This… |
| CVE-2023-34444 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags… |
| CVE-2023-34443 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying the page "Run queries", Cross-site Scripting (XSS) is possible for scripts outside of… |
| CVE-2023-47626 | High | 8.8 | 2024-04-15 | iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1. |
| CVE-2023-47622 | High | 8.8 | 2024-04-15 | iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1. |
| CVE-2023-34447 | High | 8.8 | 2023-10-25 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This… |
| CVE-2023-34446 | High | 8.8 | 2023-10-25 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site script… |
| CVE-2022-24780 | High | 8.8 | 2022-04-05 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by… |
| CVE-2025-49145 | High | 8.7 | 2025-11-10 | Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly adminis… |
| CVE-2023-47123 | High | 8.7 | 2024-04-15 | iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this… |