CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...

CVE-2025-64167

Combodo iTop, a web-based IT service management tool, is vulnerable to cross-site scripting (JS execution) in versions prior to 2.7.13 and 3.2.2 when editing a URL parameter. In these versions, the export.php endpoint was deprecated and export-v2.php is used instead; the issue stems from insuffic...

EUVD-2025-50821

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...

CVE-2025-64167 Combodo iTop vulnerable to reflected XSS in webservices/export.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

Input validation

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

Combodo iTop Security Vulnerability

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo iTop version...

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVE-2022-31402

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...

CVE-2022-31402

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...

Cross site scripting

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...

CVE-2022-31402

Multiple sources corroborate that ITOP (iTop) is affected by cross-site scripting (XSS) vulnerabilities in various components and versions. The original CVE-2022-31402 notes an XSS via /itop/webservices/export-v2.php in ITOP 3.0.1. Connected PTSecurity entries expand on additional XSS issues: (1)...

CVE-2022-31402

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...