10 matches found
CVE-2025-64167
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
EUVD-2025-50780
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-48065 Combodo iTop vulnerable to reflected XSS via objection edition form error
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47286 Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...
CVE-2025-47286 Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...
PT-2025-46185
Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 and 3.2.2 Description Combodo iTop, a web-based IT service management tool, is susceptible to a cross-site scripting issue when a dashboard is rendered via an AJAX call. The issue occurs when rendering a...
CVE-2025-32689
Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...
CVE-2025-32689 WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability
Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...
WordPress plugin WP SmartPay 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...