Combodo — Vulnerabilities & Security Advisories 66

Browse all 66 CVE security advisories affecting Combodo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Combodo: iTop

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-64167 | Combodo iTop vulnerable to reflected XSS in webservices/export.php | iTop | CWE-79 | 7.1 | High | 2025-11-10 |
| CVE-2025-49145 | iTop admin can drop iTop database using webhooks | iTop | CWE-863 | 8.7 | High | 2025-11-10 |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object | iTop | CWE-862 | 4.3 | Medium | 2025-11-10 |
| CVE-2025-48065 | Combodo iTop vulnerable to reflected XSS via objection edition form error | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-48055 | Combodo iTop has stored XSS in user portal's browse brick | iTop | CWE-79 | 8.5 | High | 2025-11-10 |
| CVE-2025-47932 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47773 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47286 | Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality | iTop | CWE-74 | 9.1 | - | 2025-11-10 |
| CVE-2025-24969 | iTop portal user can see any other contact's picture | iTop | CWE-639 | 5.0 | Medium | 2025-05-14 |
| CVE-2025-24785 | iTop dashboard vulnerable to denial of service | iTop | CWE-20 | 4.3 | Medium | 2025-05-14 |
| CVE-2025-24026 | iTop Inefficient Regular Expression Complexity vulnerability | iTop | CWE-1333 | 5.3 | Medium | 2025-05-14 |
| CVE-2025-24022 | iTop server vulnerable to portal code injection | iTop | CWE-78 | 8.6 | High | 2025-05-14 |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form | iTop | CWE-862 | 5.0 | Medium | 2025-05-14 |
| CVE-2024-56157 | iTop vulnerable to Self XSS in CSV Import | iTop | CWE-79 | 6.3 | Medium | 2025-05-14 |
| CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | iTop | CWE-639 | 6.5 | Medium | 2025-05-14 |
| CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences | iTop | CWE-79 | 6.8 | Medium | 2025-02-25 |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter | iTop | CWE-79 | 7.9 | High | 2024-12-13 |
| CVE-2024-52000 | Reflected Cross-site Scripting exploit in Combodo iTop | iTop | CWE-79 | 6.1 | - | 2024-11-08 |
| CVE-2024-52001 | Portal user is able to access forbidden services information in Combodo iTop | iTop | CWE-200 | 4.3 | - | 2024-11-08 |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages | iTop | CWE-352 | 8.8 | - | 2024-11-08 |
| CVE-2024-51993 | Password is stored in clear in the database in Combodo iTop | iTop | CWE-312 | 6.5 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51994 | Cross-site Scripting in portal picture upload in Combodo iTop | iTop | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51995 | Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop | iTop | CWE-284 | 7.5 (AI) | High (AI) | 2024-11-07 |
| CVE-2024-51740 | SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop | iTop | CWE-918 | 4.3 | Medium | 2024-11-05 |
| CVE-2024-51739 | Users enumeration allowed through Rest API in Combodo iTop | iTop | CWE-200 | 7.5 | High | 2024-11-05 |
| CVE-2024-32870 | iTop hub connector Information disclosure | iTop | CWE-200 | 5.8 | Medium | 2024-11-04 |
| CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop | iTop | CWE-352 | 8.8 | High | 2024-11-04 |
| CVE-2024-31448 | Cross-site Scripting vulnerability in link CSV import in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34445 | Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34444 | Cross-site Scripting vulnerability on pages/ajax.searchform.php in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |

This page lists every published CVE security advisory associated with Combodo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.