📦 Itop
by Combodo
🔍 What is Itop?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2023-48710 is a critical directory traversal vulnerability in the iTop IT service management platform that allows unauthenticated attackers to access restricted files from the env-production folder. T...
This vulnerability allows attackers to inject malicious JavaScript into CSV files exported from Combodo iTop. When users open these CSV files, the JavaScript executes in their browser context, potenti...
This vulnerability allows attackers to inject malicious JavaScript via the URL parameter in Combodo iTop's export.php file, leading to cross-site scripting attacks. Users of iTop versions prior to 2.7...
A privilege escalation vulnerability in Combodo iTop allows authenticated users with webhook creation permissions (typically administrators) to execute arbitrary database operations, including droppin...
This cross-site scripting (XSS) vulnerability in Combodo iTop allows attackers to inject malicious scripts into error messages that are displayed to users. When exploited, this can lead to session hij...
This vulnerability allows attackers to inject malicious scripts into the user portal's browse brick in Combodo iTop, potentially compromising user sessions and data. It affects all iTop installations ...
This vulnerability allows attackers to inject malicious scripts into Combodo iTop dashboards when rendered via AJAX calls. Users of iTop versions before 2.7.13 and 3.2.2 are affected, potentially enab...
This vulnerability allows administrators in Combodo iTop to execute arbitrary code on the server by editing the instance configuration. It affects iTop versions before 2.7.13 and 3.2.2, requiring admi...
Combodo iTop versions before 2.7.13 and 3.2.2 contain a cross-site scripting vulnerability in dashboard editing via AJAX calls. This allows attackers to inject malicious scripts that execute in users'...
This vulnerability allows remote code execution through iTop's web portal frontend. Attackers can execute arbitrary commands on the server by exploiting improper input sanitization. All iTop installat...
This CSRF vulnerability in Combodo iTop allows attackers to trick authenticated users into performing unintended actions by visiting malicious web pages. All iTop users running versions before 3.2.0 a...
This vulnerability in Combodo iTop allows attackers to bypass access controls by specifying arbitrary routes through allowed operations. It affects all iTop users running versions before 3.2.0, enabli...
CVE-2024-51739 is an information disclosure vulnerability in Combodo iTop that allows unauthenticated attackers to enumerate valid user accounts via the password reset functionality. This affects all ...
This Cross-Site Scripting (XSS) vulnerability in iTop allows attackers to inject malicious scripts into object friendlyname/complementary name fields. When these objects are displayed as n:n relation ...
This Cross-Site Scripting (XSS) vulnerability in iTop allows attackers to inject malicious scripts into the user's personal tokens display/edit interface. When exploited, it can lead to session hijack...
This CVE describes a CSV injection vulnerability in Combodo iTop that allows a local attacker to execute arbitrary code via crafted scripts in CSV exports. The vulnerability affects iTop version 3.1.0...
This CVE describes a cross-site scripting (XSS) vulnerability in iTop's preferences.php page that allows attackers to inject malicious scripts into web pages viewed by other users. It affects iTop ver...
CVE-2022-39216 is a vulnerability in Combodo iTop where password reset tokens are generated without sufficient randomness, allowing attackers to predict or brute-force tokens. This enables account tak...
This vulnerability allows authorized users of Combodo iTop to inject malicious scripts into tooltips via the customization mechanism, creating a stored cross-site scripting (XSS) attack vector. The at...
CVE-2022-24780 is a critical remote code execution vulnerability in Combodo iTop ITSM software. Authenticated users can inject TWIG template code through forged HTTP requests, allowing them to execute...
CVE-2021-32663 is an authentication bypass vulnerability in iTop ITSM software that allows unauthenticated attackers to access the system setup interface. With specific parameters, this can lead to Se...
This vulnerability in Combodo iTop allows non-admin users to access sensitive class/field values through error messages in the GroupBy Dashlet. It affects all iTop installations running versions befor...
CVE-2021-21407 is a Cross-Site Request Forgery (CSRF) vulnerability in Combodo iTop that allows attackers to bypass CSRF token validation through a tricky browser procedure. This enables attackers to ...
This vulnerability in Combodo iTop allows authenticated users to bypass data scope filtering by directly accessing the Excel export AJAX endpoint. This enables unauthorized access to sensitive data th...
This vulnerability allows authenticated users with Service Desk Agent permissions in Combodo iTop to create ModuleInstallation objects without proper authorization. It affects iTop 3.x versions before...
This vulnerability in iTop allows authenticated users with portal access to modify object fields they shouldn't have permission to change. It affects all iTop installations with portal access enabled....
This vulnerability in iTop 3.2.0 allows attackers to send specially crafted URLs that trigger PHP errors, causing the dashboard to crash for subsequent users. It affects all iTop 3.2.0 installations w...
This vulnerability in iTop allows authenticated users with portal access to view objects they shouldn't have permission to access by querying an unprotected route. It affects all iTop installations wi...
This vulnerability allows attackers to inject malicious scripts into the preferences page of Combodo iTop, a web-based IT service management tool. When exploited, it enables cross-site scripting attac...
CVE-2024-52000 is a reflected Cross-site Scripting (XSS) vulnerability in Combodo iTop IT Service Management tool. Attackers can inject malicious JavaScript by manipulating request payloads, potential...
This CVE describes a stored cross-site scripting (XSS) vulnerability in Combodo iTop's portal where uploading a text file containing JavaScript can execute malicious code in users' browsers. All users...
This vulnerability in Combodo iTop allows low-privileged users to make HTTP requests on behalf of the server, potentially leading to server-side request forgery (SSRF). It affects iTop installations w...