Combodo iTop
81 CVEs affecting Combodo iTop. Latest disclosed: 2025-11-10. Critical: 4, High: 39.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-48710 | Critical | 9.8 | 2024-04-15 | iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully… |
| CVE-2022-39214 | Critical | 9.6 | 2023-03-14 | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take ov… |
| CVE-2021-41162 | Critical | 9.3 | 2022-04-21 | Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not proper… |
| CVE-2021-41161 | Critical | 9.3 | 2022-04-21 | Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user supplied parameters… |
| CVE-2025-48065 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error co… |
| CVE-2025-47932 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered… |
| CVE-2025-47773 | High | 8.8 | 2025-11-10 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited vi… |
| CVE-2024-52002 | High | 8.8 | 2024-11-08 | Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please… |
| CVE-2024-31998 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 a… |
| CVE-2024-31448 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, a Cross-site Scripting (XSS) attack can be perform… |
| CVE-2023-34445 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This… |
| CVE-2023-34444 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags… |
| CVE-2023-34443 | High | 8.8 | 2024-11-05 | Combodo iTop is a simple, web based IT Service Management tool. When displaying the Run queries page, Cross-site Scripting (XSS) is possible for scripts outside of… |
| CVE-2023-47626 | High | 8.8 | 2024-04-15 | iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1. |
| CVE-2023-47622 | High | 8.8 | 2024-04-15 | iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1. |
| CVE-2023-34447 | High | 8.8 | 2023-10-25 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This… |
| CVE-2023-34446 | High | 8.8 | 2023-10-25 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site script… |
| CVE-2022-24780 | High | 8.8 | 2022-04-05 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by… |
| CVE-2025-49145 | High | 8.7 | 2025-11-10 | Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly adminis… |
| CVE-2023-47123 | High | 8.7 | 2024-04-15 | iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this… |