Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-13	CVE-2020-15218	Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. network low complexity combodo	6.8
2020-08-10	CVE-2020-12779	Cross-site Scripting vulnerability in Combodo Itop 2.7.0 Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. network low complexity combodo CWE-79	5.4
2020-08-10	CVE-2020-12778	Cross-site Scripting vulnerability in Combodo Itop Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. network low complexity combodo CWE-79	6.1
2020-06-05	CVE-2020-11696	Cross-site Scripting vulnerability in Combodo Itop In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. network low complexity combodo CWE-79	6.1
2020-06-05	CVE-2020-11697	Cross-site Scripting vulnerability in Combodo Itop In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. network low complexity combodo CWE-79	6.1
2020-02-14	CVE-2019-13966	Cross-site Scripting vulnerability in Combodo Itop In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. network low complexity combodo CWE-79	6.1
2020-02-14	CVE-2019-13965	Cross-site Scripting vulnerability in Combodo Itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. network low complexity combodo CWE-79	6.1
2018-02-20	CVE-2015-6544	Cross-site Scripting vulnerability in Combodo Itop Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. network low complexity combodo CWE-79	6.1