iTop — Vulnerabilities & Security Advisories 66

All 66 CVE vulnerabilities found in iTop, with AI-generated Chinese analysis, references, and POCs.

Vendor: Combodo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-34443 | Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-48710 | iTop limit pages/exec.php script to PHP files | CWE-552 | 9.8 | Critical | 2024-04-15 |
| CVE-2023-48709 | iTop vulnerable to potential formula injection in Excel/CSV export file | CWE-1236 | 8.0 | High | 2024-04-15 |
| CVE-2023-47626 | iTop vulnerable to XSS vulnerability in authent-token | CWE-79 | 8.8 | High | 2024-04-15 |
| CVE-2023-47622 | iTop vulnerable to XSS vulnerability in dashlet refresh | CWE-79 | 8.8 | High | 2024-04-15 |
| CVE-2023-47123 | iTop vulnerable to XSS vulnerability in n:n relations "tagset" widget | CWE-79 | 8.7 | High | 2024-04-15 |
| CVE-2023-45808 | iTop missing silo check on extkey in console and portal | CWE-639 | 4.1 | Medium | 2024-04-15 |
| CVE-2023-44396 | iTop vulnerable to XSS in dashlet modifications ajax endpoints | CWE-79 | 6.8 | Medium | 2024-04-15 |
| CVE-2023-43790 | iTop vulnerable to XSS in friendlyname in object details | CWE-79 | 5.7 | Medium | 2024-04-15 |
| CVE-2023-38511 | iTop Dashboard editor vulnerable dashboard config file parameter | CWE-22 | 5.0 | Medium | 2024-04-15 |
| CVE-2023-34447 | iTop XSS vulnerability on pages/UI.php | CWE-79 | 8.8 | High | 2023-10-25 |
| CVE-2023-34446 | iTop XSS vulnerability on pages/preferences.php | CWE-79 | 8.8 | High | 2023-10-25 |
| CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | CWE-330 | 7.4 | High | 2023-03-14 |
| CVE-2022-39214 | Authenticated users of Combodo iTop can take over any account | CWE-863 | 9.6 | Critical | 2023-03-14 |
| CVE-2021-41162 | Cross-site Scripting in Combodo iTop | CWE-79 | 9.3 | Critical | 2022-04-21 |
| CVE-2022-24870 | Stored Cross-site Scripting in Combodo iTop | CWE-79 | 8.7 | High | 2022-04-21 |
| CVE-2021-41161 | XSS in csvimport in 3.0.0-beta versions | CWE-79 | 9.3 | Critical | 2022-04-21 |
| CVE-2022-24811 | Cross-site Scripting in Combodo iTop | CWE-79 | 5.4 | Medium | 2022-04-05 |
| CVE-2022-24780 | Code Injection in Combodo iTop | CWE-94 | 8.8 | High | 2022-04-05 |
| CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop | CWE-352 | 6.5 | Medium | 2022-04-05 |
| CVE-2021-32664 | Reflected XSS in Combodo/iTop | CWE-79 | 8.1 | High | 2021-10-19 |
| CVE-2021-32663 | Unauthorized setup leads to SSRF in Combodo/iTop | CWE-918 | 8.7 | High | 2021-10-19 |
| CVE-2021-32776 | No CSRF form token cleanup on Windows servers | CWE-352 | 6.8 | Medium | 2021-07-21 |
| CVE-2021-32775 | Any user can see any fields (including mailbox password) with GroupBy Dashlet | CWE-209 | 7.7 | High | 2021-07-21 |
| CVE-2021-21407 | Portal : the CSRF token isn't validated | CWE-352 | 8.0 | High | 2021-07-21 |
| CVE-2021-21406 | Command Injection vulnerability in the Setup Wizard | CWE-77 | 5.8 | Medium | 2021-07-21 |
| CVE-2020-15221 | XSS in the breadcrumbs | CWE-79 | 6.8 | Medium | 2021-01-13 |
| CVE-2020-15220 | Session fixation | CWE-613 | 6.1 | Medium | 2021-01-13 |
| CVE-2020-15219 | SQL query displayed on portal error | CWE-209 | 4.3 | Medium | 2021-01-13 |
| CVE-2020-15218 | Admin pages are cached and can be embedded | CWE-613 | 6.8 | Medium | 2021-01-13 |
