Skip to main content

Itop

52 CVEs product

Monthly

CVE-2025-64167 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-49145 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-48878 MEDIUM Monitor

Combodo iTop is a web based IT service management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-48065 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48055 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-47932 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47773 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47286 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-24969 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-24785 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Denial Of Service Itop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24026 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Itop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-24022 HIGH This Week

iTop is an web based IT Service Management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Itop
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2025-24021 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-56157 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-52601 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27139 MEDIUM This Month

Combodo iTop is a web based IT service management tool. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-54139 CRITICAL Act Now

Combodo iTop is an open source and web-based IT service management platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Itop
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-52002 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-52001 MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-52000 MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-51995 HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass PHP Itop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-51994 MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-51993 LOW Monitor

Combodo iTop is a web based IT Service Management tool. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
3.4
EPSS
0.1%
CVE-2024-51740 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-51739 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-32870 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.8
EPSS
0.7%
CVE-2024-31998 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-31448 MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-47489 HIGH This Week

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE PHP Itop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47488 MEDIUM This Month

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-34447 MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-34446 MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31403 MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-31402 MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-24870 MEDIUM POC PATCH This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-24811 MEDIUM POC PATCH This Month

Combodi iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24780 HIGH POC PATCH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2021-32664 MEDIUM PATCH This Month

Combodo iTop is an open source web based IT Service Management tool. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Itop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-32663 HIGH PATCH This Week

iTop is an open source web based IT Service Management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32776 HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-32775 MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21407 MEDIUM This Month

Combodo iTop is an open source, web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21406 HIGH This Week

Combodo iTop is an open source, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-12781 HIGH This Week

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-12780 HIGH This Week

A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12779 MEDIUM This Month

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-12778 MEDIUM This Month

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12777 HIGH This Week

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11696 MEDIUM This Month

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11697 MEDIUM This Month

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-10642 HIGH POC This Week

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE PHP Itop
NVD GitHub
CVSS 3.0
7.2
EPSS
7.5%
CVE-2013-0805 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Itop
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 7.1
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Itop
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM Monitor

Combodo iTop is a web based IT service management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Denial Of Service Itop
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Itop
NVD GitHub
EPSS 1% CVSS 8.5
HIGH This Week

iTop is an web based IT Service Management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Itop
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Combodo iTop is a web based IT service management tool. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Combodo iTop is an open source and web-based IT service management platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Itop
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass PHP Itop
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Itop
NVD GitHub
EPSS 0% CVSS 3.4
LOW Monitor

Combodo iTop is a web based IT Service Management tool. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Itop
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE PHP Itop
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Combodi iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Itop
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Combodo iTop is an open source web based IT Service Management tool. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Itop
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

iTop is an open source web based IT Service Management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Itop
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Combodo iTop is an open source, web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Combodo iTop is an open source, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Itop
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
EPSS 7% CVSS 7.2
HIGH POC This Week

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Itop
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy