Filtered by vendor Combodo
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31448 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it. | |||||
| CVE-2023-34445 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-34444 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-34443 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-47488 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. | |||||
| CVE-2023-47489 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 7.8 HIGH |
| CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | |||||
| CVE-2023-34446 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 6.1 MEDIUM |
| iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | |||||
| CVE-2023-34447 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 6.1 MEDIUM |
| iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | |||||
| CVE-2022-39216 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 9.8 CRITICAL |
| Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1. | |||||
| CVE-2022-39214 | 1 Combodo | 1 Itop | 2024-02-28 | N/A | 7.5 HIGH |
| Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1. | |||||