10 matches found

NVD
added 2025/11/10 10:15 p.m. | 5 views

CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...

CVSS: 7.1 | EPSS: 0.00203
Exploits: 0 | References: 1
EUVD
added 2025/11/10 8:35 p.m. | 4 views

EUVD-2025-50780

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00194
Exploits: 0 | References: 1
Cvelist
added 2025/11/10 8:35 p.m. | 8 views

CVE-2025-48065 Combodo iTop vulnerable to reflected XSS via objection edition form error

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS: 8.8 | EPSS: 0.00194
Exploits: 0 | References: 1
NVD
added 2025/11/10 7:15 p.m. | 4 views

CVE-2025-47773

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS: 8.8 | EPSS: 0.00194
Exploits: 0 | References: 1
Cvelist
added 2025/11/10 6:38 p.m. | 7 views

CVE-2025-47286 Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...

CVSS: 8.6 | EPSS: 0.00417
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/10 6:38 p.m. | 3 views

CVE-2025-47286 Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...

CVSS: 8.6 | AI score: 7 | EPSS: 0.00417
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/10 12:00 a.m. | 7 views

PT-2025-46185

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13 and 3.2.2
Description: Combodo iTop, a web-based IT service management tool, is susceptible to a cross-site scripting issue when a dashboard is rendered via an AJAX call. The issue occurs when rendering a...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00194
Exploits: 0 | References: 8
NVD
added 2025/09/09 5:15 p.m. | 5 views

CVE-2025-32689

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay. This issue affects WP SmartPay: from n/a through <= 2.8.2...

CVSS: 7.5 | EPSS: 0.00308
Exploits: 0 | References: 1
Cvelist
added 2025/09/09 4:25 p.m. | 11 views

CVE-2025-32689 WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay. This issue affects WP SmartPay: from n/a through <= 2.8.2...

CVSS: 7.5 | EPSS: 0.00308
Exploits: 0 | References: 1
CNNVD
added 2025/09/09 12:00 a.m. | 3 views

WordPress plugin WP SmartPay Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00308
Exploits: 0 | References: 1