
18 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-52912

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.01672
Exploits 1 | References 3
CVE
added 2024/11/07 5:55 p.m. | 50 views

CVE-2024-51995

Combodo iTop is affected by a logic bug in ajax.render.php that allows bypassing backOffice access control by crafting arbitrary routes, unless an allowed operation is specified. The issue is resolved in version 3.2.0 by applying the same access-control pattern used in UI.php to ajax.render.php, ...

CVSS 7.1 | AI score 7 | EPSS 0.0042
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/11/07 5:55 p.m. | 11 views

CVE-2024-51995 Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker can request any route we want as long as we specify an operation that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in UI.php to the ajax.render.php page which does not...

CVSS 7.1 | AI score 7 | EPSS 0.0042
Exploits 0 | References 1
NVD
added 2024/11/05 12:15 a.m. | 19 views

CVE-2023-34445

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

CVSS 8.8 | EPSS 0.00286
Exploits 0 | References 1
Cvelist
added 2024/11/04 11:31 p.m. | 22 views

CVE-2023-34445 Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

CVSS 8.8 | EPSS 0.00286
Exploits 0 | References 1
OSV
added 2024/11/04 11:31 p.m. | 28 views

CVE-2023-34445 Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

CVSS 8.8 | AI score 6.2 | EPSS 0.00286
Exploits 0 | References 3
CNNVD
added 2024/11/04 12:0 a.m. | 2 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

CVSS 8.8 | AI score 6.1 | EPSS 0.00286
Exploits 0 | References 1
NVD
added 2023/11/09 6:15 a.m. | 8 views

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVSS 7.8 | EPSS 0.00448
Exploits 0 | References 3
Prion
added 2023/11/09 6:15 a.m. | 17 views

Input validation

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVSS 4.3 | AI score 7.8 | EPSS 0.00448
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/11/09 12:0 a.m. | 11 views

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

AI score 8 | EPSS 0.00448
Exploits 0 | References 3
OSV
added 2022/06/14 5:15 p.m. | 10 views

CVE-2022-31403

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/pages/ajax.render.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.01672
Exploits 1 | References 3
NVD
added 2022/06/14 5:15 p.m. | 10 views

CVE-2022-31403

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/pages/ajax.render.php...

CVSS 6.1 | EPSS 0.01672
Exploits 1 | References 3
Prion
added 2022/06/14 5:15 p.m. | 15 views

Cross site scripting

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/pages/ajax.render.php...

CVSS 4.3 | AI score 6 | EPSS 0.01672
Exploits 1 | References 3 | Affected Software 1
CVE
added 2022/06/14 4:17 p.m. | 65 views

CVE-2022-31403

CVE-2022-31403 affects the IT service management platform iTop (notably v3.0.x, with the core issue reported as an XSS via /itop/pages/ajax.render.php). The Red Hat advisory confirms the existence of an XSS vulnerability in ITOP 3.0.1, with public-facing impact described as cross-site scripting. ...

CVSS 6.1 | AI score 6 | EPSS 0.01672
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2022/06/14 4:17 p.m. | 19 views

CVE-2022-31403

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/pages/ajax.render.php...

AI score 6.2 | EPSS 0.01672
Exploits 1 | References 3
OSV
added 2022/04/21 5:15 p.m. | 10 views

CVE-2021-41162

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...

CVSS 6.1 | AI score 6.2
Exploits 0 | References 2
Prion
added 2022/04/21 5:15 p.m. | 16 views

Cross site scripting

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...

CVSS 4.3 | AI score 6.1 | EPSS 0.00612
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/04/21 4:45 p.m. | 17 views

CVE-2021-41162 Cross-site Scripting in Combodo iTop

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...

CVSS 9.3 | AI score 9.1 | EPSS 0.00612
Exploits 0 | References 2