Vulnerabilities > Combodo > Itop > 2.6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-05 | CVE-2020-11697 | Cross-site Scripting vulnerability in Combodo Itop In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. | 6.1 |
| 2020-03-16 | CVE-2019-19821 | Cross-site Scripting vulnerability in Combodo Itop A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. | 8.1 |