Vulnerabilities > Combodo > Itop > 1.2.0

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-15219 Unspecified vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo
4.3
4.3
2021-01-13 CVE-2020-15218 Unspecified vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo
6.8
6.8
2021-01-12 CVE-2020-4079 Unspecified vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo
7.7
7.7
2020-08-10 CVE-2020-12781 Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
network
low complexity
combodo CWE-352
8.8
8.8
2020-08-10 CVE-2020-12780 Incorrect Authorization vulnerability in Combodo Itop
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
network
low complexity
combodo CWE-863
7.5
7.5
2020-08-10 CVE-2020-12778 Cross-site Scripting vulnerability in Combodo Itop
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
network
low complexity
combodo CWE-79
6.1
6.1
2020-08-10 CVE-2020-12777 Information Exposure vulnerability in Combodo Itop
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
network
low complexity
combodo CWE-200
7.5
7.5
2020-06-05 CVE-2020-11696 Cross-site Scripting vulnerability in Combodo Itop
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload.
network
low complexity
combodo CWE-79
6.1
6.1
2020-06-05 CVE-2020-11697 Cross-site Scripting vulnerability in Combodo Itop
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload.
network
low complexity
combodo CWE-79
6.1
6.1
2020-03-16 CVE-2019-19821 Cross-site Scripting vulnerability in Combodo Itop
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses.
network
low complexity
combodo CWE-79
8.1
8.1