Vulnerabilities > Combodo > Itop > 2.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-10 | CVE-2020-12777 | Information Exposure vulnerability in Combodo Itop A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. | 7.5 |
| 2020-06-05 | CVE-2020-11696 | Cross-site Scripting vulnerability in Combodo Itop In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. | 4.3 |
| 2020-06-05 | CVE-2020-11697 | Cross-site Scripting vulnerability in Combodo Itop In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. | 4.3 |
| 2020-03-16 | CVE-2019-19821 | Cross-site Scripting vulnerability in Combodo Itop A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. | 5.5 |
| 2020-02-14 | CVE-2019-13966 | Cross-site Scripting vulnerability in Combodo Itop In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. | 4.3 |
| 2020-02-14 | CVE-2019-13965 | Cross-site Scripting vulnerability in Combodo Itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. | 4.3 |
| 2018-05-02 | CVE-2018-10642 | Code Injection vulnerability in Combodo Itop Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 6.5 |
| 2018-02-20 | CVE-2015-6544 | Cross-site Scripting vulnerability in Combodo Itop Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. | 4.3 |