Vulnerabilities > Combodo > Itop > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-01-13 | CVE-2020-15221 | Unspecified vulnerability in Combodo Itop | Combodo iTop is a web-based IT Service Management tool. | network | low complexity | combodo | 5.4 |
| 2021-01-13 | CVE-2020-15220 | Unspecified vulnerability in Combodo Itop | Combodo iTop is a web-based IT Service Management tool. | network | low complexity | combodo | 6.1 |
| 2021-01-13 | CVE-2020-15219 | Unspecified vulnerability in Combodo Itop | Combodo iTop is a web-based IT Service Management tool. | network | low complexity | combodo | 4.3 |
| 2021-01-13 | CVE-2020-15218 | Unspecified vulnerability in Combodo Itop | Combodo iTop is a web-based IT Service Management tool. | network | low complexity | combodo | 6.8 |
| 2020-08-10 | CVE-2020-12779 | Cross-site Scripting vulnerability in Combodo Itop 2.7.0 | Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be exploited by uploading a file containing a malicious script. | network | low complexity | combodo CWE-79 | 5.4 |
| 2020-08-10 | CVE-2020-12778 | Cross-site Scripting vulnerability in Combodo Itop | Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. | network | low complexity | combodo CWE-79 | 6.1 |
| 2020-06-05 | CVE-2020-11696 | Cross-site Scripting vulnerability in Combodo Itop | In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. | network | low complexity | combodo CWE-79 | 6.1 |
| 2020-06-05 | CVE-2020-11697 | Cross-site Scripting vulnerability in Combodo Itop | In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. | network | low complexity | combodo CWE-79 | 6.1 |
| 2020-02-14 | CVE-2019-13966 | Cross-site Scripting vulnerability in Combodo Itop | In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. | network | low complexity | combodo CWE-79 | 6.1 |
| 2020-02-14 | CVE-2019-13965 | Cross-site Scripting vulnerability in Combodo Itop | Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. | network | low complexity | combodo CWE-79 | 6.1 |