Vulnerabilities > Combodo

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-15221 Cross-Site Scripting vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
combodo CWE-79
3.5
2021-01-13 CVE-2020-15220 Insufficient Session Expiration vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
combodo CWE-613
5.8
2021-01-13 CVE-2020-15219 Information Exposure Through AN Error Message vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-209
4.0
2021-01-13 CVE-2020-15218 Insufficient Session Expiration vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
combodo CWE-613
3.5
2021-01-12 CVE-2020-4079 Information Exposure vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-200
4.0
2020-08-10 CVE-2020-12781 Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
network
combodo CWE-352
6.8
2020-08-10 CVE-2020-12780 Information Exposure vulnerability in Combodo Itop
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
network
low complexity
combodo CWE-200
5.0
2020-08-10 CVE-2020-12779 Cross-Site Scripting vulnerability in Combodo Itop 2.7.0
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
network
combodo CWE-79
3.5
2020-08-10 CVE-2020-12778 Cross-Site Scripting vulnerability in Combodo Itop
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
network
combodo CWE-79
4.3
2020-08-10 CVE-2020-12777 Information Exposure vulnerability in Combodo Itop
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
network
low complexity
combodo CWE-200
5.0