424 matches found
CVE-2024-51994
Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting XSS vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no...
CVE-2024-31998
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-31448
Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting XSS attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...
CVE-2024-54139
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
Combodo iTop 跨站脚本漏洞
Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...
CVE-2024-52001
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52002
Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery CSRF vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There a...
CVE-2024-52000
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...
CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...
CVE-2024-52000
CVE-2024-52000 affects Combodo iTop (prior to version 3.2.0): a reflected Cross-site Scripting (XSS) vulnerability triggered by editing a request payload, potentially enabling malicious JavaScript execution. The issue is mitigated in version 3.2.0 via systematic escaping of error messages when re...
CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...
CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...
CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52001
CVE-2024-52001 affects Combodo iTop, a web-based IT Service Management tool. The issue allows portal users to access information about prohibited/forbidden services in affected releases. Public sources consistently state upgrades address the vulnerability, with remediation to version 3.2.0 or lat...
CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52002
Combodo iTop is affected by a Cross-Site Request Forgery (CSRF) across multiple endpoints. The CVE describes CSRF in several iTop pages, with an explicit fix in version 3.2.0; all users are advised to upgrade. The public sources indicate there are no known workarounds. Connected references corrob...
CVE-2024-52002 Cross-Site Request Forgery (CSRF) in several iTop pages
Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery CSRF vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There a...