
iTop — Vulnerabilities & Security Advisories (66)

All 66 CVE vulnerabilities found in iTop, with AI-generated Chinese analysis, references, and POCs.

Vendor: Combodo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-64167 | Combodo iTop vulnerable to reflected XSS in webservices/export.php | CWE-79 | 7.1 | High | 2025-11-10 |
| CVE-2025-49145 | iTop admin can drop iTop database using webhooks | CWE-863 | 8.7 | High | 2025-11-10 |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object | CWE-862 | 4.3 | Medium | 2025-11-10 |
| CVE-2025-48065 | Combodo iTop vulnerable to reflected XSS via objection edition form error | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-48055 | Combodo iTop has stored XSS in user portal's browse brick | CWE-79 | 8.5 | High | 2025-11-10 |
| CVE-2025-47932 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47773 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47286 | Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality | CWE-74 | 9.1 | - | 2025-11-10 |
| CVE-2025-24969 | iTop portal user can see any other contact's picture | CWE-639 | 5.0 | Medium | 2025-05-14 |
| CVE-2025-24785 | iTop dashboard vulnerable to denial of service | CWE-20 | 4.3 | Medium | 2025-05-14 |
| CVE-2025-24026 | iTop Inefficient Regular Expression Complexity vulnerability | CWE-1333 | 5.3 | Medium | 2025-05-14 |
| CVE-2025-24022 | iTop server vulnerable to portal code injection | CWE-78 | 8.6 | High | 2025-05-14 |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form | CWE-862 | 5.0 | Medium | 2025-05-14 |
| CVE-2024-56157 | iTop vulnerable to Self XSS in CSV Import | CWE-79 | 6.3 | Medium | 2025-05-14 |
| CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | CWE-639 | 6.5 | Medium | 2025-05-14 |
| CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences | CWE-79 | 6.8 | Medium | 2025-02-25 |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter | CWE-79 | 7.9 | High | 2024-12-13 |
| CVE-2024-52000 | Reflected Cross-site Scripting exploit in Combodo iTop | CWE-79 | 6.1 | - | 2024-11-08 |
| CVE-2024-52001 | Portal user is able to access forbidden services information in Combodo iTop | CWE-200 | 4.3 | - | 2024-11-08 |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages | CWE-352 | 8.8 | - | 2024-11-08 |
| CVE-2024-51993 | Password is stored in clear in the database in Combodo iTop | CWE-312 | 6.5 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51994 | Cross-site Scripting in portal picture upload in Combodo iTop | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51995 | Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop | CWE-284 | 7.5 (AI) | High (AI) | 2024-11-07 |
| CVE-2024-51740 | SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop | CWE-918 | 4.3 | Medium | 2024-11-05 |
| CVE-2024-51739 | Users enumeration allowed through Rest API in Combodo iTop | CWE-200 | 7.5 | High | 2024-11-05 |
| CVE-2024-32870 | iTop hub connector Information disclosure | CWE-200 | 5.8 | Medium | 2024-11-04 |
| CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop | CWE-352 | 8.8 | High | 2024-11-04 |
| CVE-2024-31448 | Cross-site Scripting vulnerability in link CSV import in Combodo iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34445 | Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34444 | Cross-site Scripting vulnerability on pages/ajax.searchform.php in Combodo iTop | CWE-79 | 8.8 | High | 2024-11-04 |

All 66 known CVE vulnerabilities affecting iTop with full Chinese analysis, references, and POCs where available.