Vulnerabilities > Combodo

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-15219 Information Exposure Through an Error Message vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-209
4.3
2021-01-13 CVE-2020-15218 Insufficient Session Expiration vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-613
6.8
2021-01-12 CVE-2020-4079 Information Exposure vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-200
7.7
2020-08-10 CVE-2020-12781 Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
network
low complexity
combodo CWE-352
8.8
2020-08-10 CVE-2020-12780 Incorrect Authorization vulnerability in Combodo Itop
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
network
low complexity
combodo CWE-863
7.5
2020-08-10 CVE-2020-12779 Cross-site Scripting vulnerability in Combodo Itop 2.7.0
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
network
low complexity
combodo CWE-79
5.4
2020-08-10 CVE-2020-12778 Cross-site Scripting vulnerability in Combodo Itop
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
network
low complexity
combodo CWE-79
6.1
2020-08-10 CVE-2020-12777 Information Exposure vulnerability in Combodo Itop
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
network
low complexity
combodo CWE-200
7.5
2020-06-05 CVE-2020-11696 Cross-site Scripting vulnerability in Combodo Itop
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload.
network
low complexity
combodo CWE-79
6.1
2020-06-05 CVE-2020-11697 Cross-site Scripting vulnerability in Combodo Itop
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload.
network
low complexity
combodo CWE-79
6.1