Lucene search
+L

424 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:15 a.m.5 views

CVE-2024-51994

Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting XSS vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no...

7.1CVSS6.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:26 a.m.11 views

CVE-2024-31998

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

8.8CVSS6.8AI score0.00226EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:24 a.m.16 views

CVE-2024-31448

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting XSS attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...

8.8CVSS6.1AI score0.00329EPSS
Exploits1References1
NVD
NVD
added 2024/12/13 4:15 p.m.19 views

CVE-2024-54139

Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...

9.6CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 3:59 p.m.13 views

CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter

Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...

7.9CVSS6.4AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 3:59 p.m.20 views

CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter

Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the tableid parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...

7.9CVSS0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

Combodo iTop 跨站脚本漏洞

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

9.6CVSS7.6AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2024/11/08 11:15 p.m.14 views

CVE-2024-52001

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

4.3CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2024/11/08 11:15 p.m.16 views

CVE-2024-52002

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery CSRF vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There a...

8.8CVSS0.00638EPSS
Exploits1References1
NVD
NVD
added 2024/11/08 11:15 p.m.13 views

CVE-2024-52000

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

8.1CVSS0.00355EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/08 10:20 p.m.7 views

CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

8.1CVSS6.2AI score0.00355EPSS
Exploits1References1
CVE
CVE
added 2024/11/08 10:20 p.m.55 views

CVE-2024-52000

CVE-2024-52000 affects Combodo iTop (prior to version 3.2.0): a reflected Cross-site Scripting (XSS) vulnerability triggered by editing a request payload, potentially enabling malicious JavaScript execution. The issue is mitigated in version 3.2.0 via systematic escaping of error messages when re...

8.1CVSS7.8AI score0.00355EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/08 10:20 p.m.15 views

CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

8.1CVSS0.00355EPSS
Exploits1References1
OSV
OSV
added 2024/11/08 10:20 p.m.7 views

CVE-2024-52000 Reflected Cross-site Scripting exploit in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting XSS exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic...

8.1CVSS7.7AI score0.00355EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/08 10:18 p.m.13 views

CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

4.3CVSS6.8AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/08 10:18 p.m.24 views

CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

4.3CVSS0.0029EPSS
Exploits0References1
CVE
CVE
added 2024/11/08 10:18 p.m.51 views

CVE-2024-52001

CVE-2024-52001 affects Combodo iTop, a web-based IT Service Management tool. The issue allows portal users to access information about prohibited/forbidden services in affected releases. Public sources consistently state upgrades address the vulnerability, with remediation to version 3.2.0 or lat...

4.3CVSS4.5AI score0.0029EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/08 10:18 p.m.16 views

CVE-2024-52001 Portal user is able to access forbidden services information in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

4.3CVSS5.1AI score0.0029EPSS
Exploits0References3
CVE
CVE
added 2024/11/08 10:16 p.m.59 views

CVE-2024-52002

Combodo iTop is affected by a Cross-Site Request Forgery (CSRF) across multiple endpoints. The CVE describes CSRF in several iTop pages, with an explicit fix in version 3.2.0; all users are advised to upgrade. The public sources indicate there are no known workarounds. Connected references corrob...

8.8CVSS7.7AI score0.00638EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/11/08 10:16 p.m.12 views

CVE-2024-52002 Cross-Site Request Forgery (CSRF) in several iTop pages

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery CSRF vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There a...

7.6CVSS7.6AI score0.00638EPSS
Exploits1References3
Rows per page
Query Builder