14 matches found
CVE-2025-64167
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
CVE-2025-64167
Combodo iTop, a web-based IT service management tool, is vulnerable to cross-site scripting (JS execution) in versions prior to 2.7.13 and 3.2.2 when editing a URL parameter. In these versions, the export.php endpoint was deprecated and export-v2.php is used instead; the issue stems from insuffic...
CVE-2025-64167 Combodo iTop vulnerable to reflected XSS in webservices/export.php
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
EUVD-2025-50821
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
Input validation
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
Combodo iTop Security Vulnerability
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo iTop version...
CVE-2022-31402
ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...
CVE-2022-31402
ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...
Cross site scripting
ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...
CVE-2022-31402
Multiple sources corroborate that ITOP (iTop) is affected by cross-site scripting (XSS) vulnerabilities in various components and versions. The original CVE-2022-31402 notes an XSS via /itop/webservices/export-v2.php in ITOP 3.0.1. Connected PTSecurity entries expand on additional XSS issues: (1)...
CVE-2022-31402
ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/webservices/export-v2.php...