Vulnerabilities > Combodo > Itop > 2.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2019-13965 | Cross-site Scripting vulnerability in Combodo Itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. | 6.1 |
| 2020-02-14 | CVE-2019-11215 | Incorrect Permission Assignment for Critical Resource vulnerability in Combodo Itop In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. | 8.1 |
| 2018-05-02 | CVE-2018-10642 | Code Injection vulnerability in Combodo Itop Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 7.2 |