Vulnerabilities > Combodo > Itop > 2.7.0

DATE CVE VULNERABILITY TITLE RISK
2020-08-10 CVE-2020-12778 Cross-site Scripting vulnerability in Combodo Itop
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
network
low complexity
combodo CWE-79
6.1
6.1
2020-08-10 CVE-2020-12777 Information Exposure vulnerability in Combodo Itop
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
network
low complexity
combodo CWE-200
7.5
7.5