Combodo — Vulnerabilities & Security Advisories 66

Browse all 66 CVE security advisories affecting Combodo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Combodo:iTop
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-34443 | Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-48710 | iTop limit pages/exec.php script to PHP files | iTop | CWE-552 | 9.8 | Critical | 2024-04-15 |
| CVE-2023-48709 | iTop vulnerable to potential formula injection in Excel/CSV export file | iTop | CWE-1236 | 8.0 | High | 2024-04-15 |
| CVE-2023-47626 | iTop vulnerable to XSS vulnerability in authent-token | iTop | CWE-79 | 8.8 | High | 2024-04-15 |
| CVE-2023-47622 | iTop vulnerable to XSS vulnerability in dashlet refresh | iTop | CWE-79 | 8.8 | High | 2024-04-15 |
| CVE-2023-47123 | iTop vulnerable to XSS vulnerability in n:n relations "tagset" widget | iTop | CWE-79 | 8.7 | High | 2024-04-15 |
| CVE-2023-45808 | iTop missing silo check on extkey in console and portal | iTop | CWE-639 | 4.1 | Medium | 2024-04-15 |
| CVE-2023-44396 | iTop vulnerable to XSS in dashlet modifications ajax endpoints | iTop | CWE-79 | 6.8 | Medium | 2024-04-15 |
| CVE-2023-43790 | iTop vulnerable to XSS in friendlyname in object details | iTop | CWE-79 | 5.7 | Medium | 2024-04-15 |
| CVE-2023-38511 | iTop Dashboard editor vulnerable dashboard config file parameter | iTop | CWE-22 | 5.0 | Medium | 2024-04-15 |
| CVE-2023-34447 | iTop XSS vulnerability on pages/UI.php | iTop | CWE-79 | 8.8 | High | 2023-10-25 |
| CVE-2023-34446 | iTop XSS vulnerability on pages/preferences.php | iTop | CWE-79 | 8.8 | High | 2023-10-25 |
| CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | iTop | CWE-330 | 7.4 | High | 2023-03-14 |
| CVE-2022-39214 | Authenticated users of Combodo iTop can take over any account | iTop | CWE-863 | 9.6 | Critical | 2023-03-14 |
| CVE-2021-41162 | Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 9.3 | Critical | 2022-04-21 |
| CVE-2022-24870 | Stored Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 8.7 | High | 2022-04-21 |
| CVE-2021-41161 | XSS in csvimport in 3.0.0-beta versions | iTop | CWE-79 | 9.3 | Critical | 2022-04-21 |
| CVE-2022-24811 | Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 5.4 | Medium | 2022-04-05 |
| CVE-2022-24780 | Code Injection in Combodo iTop | iTop | CWE-94 | 8.8 | High | 2022-04-05 |
| CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop | iTop | CWE-352 | 6.5 | Medium | 2022-04-05 |
| CVE-2021-32664 | Reflected XSS in Combodo/iTop | iTop | CWE-79 | 8.1 | High | 2021-10-19 |
| CVE-2021-32663 | Unauthorized setup leads to SSRF in Combodo/iTop | iTop | CWE-918 | 8.7 | High | 2021-10-19 |
| CVE-2021-32776 | No CSRF form token cleanup on Windows servers | iTop | CWE-352 | 6.8 | Medium | 2021-07-21 |
| CVE-2021-32775 | Any user can see any fields (including mailbox password) with GroupBy Dashlet | iTop | CWE-209 | 7.7 | High | 2021-07-21 |
| CVE-2021-21407 | Portal: the CSRF token isn't validated | iTop | CWE-352 | 8.0 | High | 2021-07-21 |
| CVE-2021-21406 | Command Injection vulnerability in the Setup Wizard | iTop | CWE-77 | 5.8 | Medium | 2021-07-21 |
| CVE-2020-15221 | XSS in the breadcrumbs | iTop | CWE-79 | 6.8 | Medium | 2021-01-13 |
| CVE-2020-15220 | Session fixation | iTop | CWE-613 | 6.1 | Medium | 2021-01-13 |
| CVE-2020-15219 | SQL query displayed on portal error | iTop | CWE-209 | 4.3 | Medium | 2021-01-13 |
| CVE-2020-15218 | Admin pages are cached and can be embedded | iTop | CWE-613 | 6.8 | Medium | 2021-01-13 |

This page lists every published CVE security advisory associated with Combodo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.