Combodo Latest High Vulnerabilities

Remote Code Execution Vulnerability in iTop by Combodo

CVE-2025-24022

CombodoItop8.6HIGH

Cross-Site Request Forgery Vulnerability in Combodo iTop Prior to Versions 2.7.11, 3.1.2, and 3.2.0

CVE-2024-54139

CombodoItop9.6CRITICAL

iTop CSRF Vulnerability Affects Several URL Endpoints

CVE-2024-52002

CombodoItop👾🟡8.8HIGH

iTop Vulnerability: HTTP Requests from Low-Privileged Users

CVE-2024-51740

CombodoItop8.8HIGH

CSV Import Vulnerability Affects iTop, Upgrade to 3.1.2 or 3.2.0 Advised

CVE-2024-31998

CombodoItop8.8HIGH

iTop Platform Vulnerability Affects Restricted Access Files

CVE-2023-48710

CombodoItop9.8CRITICAL

iTop Platform Vulnerability: Malicious Formulas in CSV/Excel Exports May Lead to Remote Code Execution

CVE-2023-48709

CombodoItop8HIGH

Local Code Execution Vulnerability in Combodo iTop by Combodo

CVE-2023-47489

CombodoItop👾🟡7.8HIGH

iTop XSS vulnerability on pages/preferences.php

CVE-2023-34446

CombodoItop8.8HIGH

iTop XSS vulnerability on pages/UI.php

CVE-2023-34447

CombodoItop8.8HIGH

Combodo iTop's weak password reset token leads to account takeover

CVE-2022-39216

CombodoItop7.4HIGH

Authenticated users of Combodo iTop can take over any account

CVE-2022-39214

CombodoItop9.6CRITICAL

Cross-site Scripting in Combodo iTop

CVE-2021-41162

CombodoItop9.3CRITICAL

Stored Cross-site Scripting in Combodo iTop

CVE-2022-24870

CombodoItop8.7HIGH

XSS in csvimport in 3.0.0-beta versions

CVE-2021-41161

CombodoItop9.3CRITICAL

Code Injection in Combodo iTop

CVE-2022-24780

CombodoItop👾🟡EPSS 16%8.8HIGH

Reflected XSS in Combodo/iTop

CVE-2021-32664

CombodoItop8.1HIGH

Unauthorized setup leads to SSRF in Combodo/iTop

CVE-2021-32663

CombodoItop8.7HIGH

Any user can see any fields (including mailbox password) with GroupBy Dashlet

CVE-2021-32775

CombodoItop7.7HIGH

Portal : the CSRF token isn't validated

CVE-2021-21407

CombodoItop8HIGH

Information disclosure vulnerability in iTop

CVE-2020-4079

CombodoItop7.7HIGH

Combodo iTop - Broken Access Control

CVE-2020-12777

CombodoItop7.5HIGH

Combodo iTop - Reflected XSS

CVE-2020-12778

CombodoItop7.4HIGH

Combodo iTop - Security Misconfiguration

CVE-2020-12780

CombodoItop7.5HIGH

Privilege Escalation in Combodo iTop Web Application

CVE-2019-19821

CombodoItop8.1HIGH

Vulnerability Published:

Sort By:

14 May 2025

Remote Code Execution Vulnerability in iTop by Combodo

13 December 2024

Cross-Site Request Forgery Vulnerability in Combodo iTop Prior to Versions 2.7.11, 3.1.2, and 3.2.0

8 November 2024

iTop CSRF Vulnerability Affects Several URL Endpoints

5 November 2024

iTop Vulnerability: HTTP Requests from Low-Privileged Users

CSV Import Vulnerability Affects iTop, Upgrade to 3.1.2 or 3.2.0 Advised

15 April 2024

iTop Platform Vulnerability Affects Restricted Access Files

iTop Platform Vulnerability: Malicious Formulas in CSV/Excel Exports May Lead to Remote Code Execution

9 November 2023

Local Code Execution Vulnerability in Combodo iTop by Combodo

25 October 2023

iTop XSS vulnerability on pages/preferences.php

iTop XSS vulnerability on pages/UI.php

14 March 2023

Combodo iTop's weak password reset token leads to account takeover

Authenticated users of Combodo iTop can take over any account

21 April 2022

Cross-site Scripting in Combodo iTop

Stored Cross-site Scripting in Combodo iTop

XSS in csvimport in 3.0.0-beta versions

5 April 2022

Code Injection in Combodo iTop

19 October 2021

Reflected XSS in Combodo/iTop

Unauthorized setup leads to SSRF in Combodo/iTop

21 July 2021

Any user can see any fields (including mailbox password) with GroupBy Dashlet

Portal : the CSRF token isn't validated

12 January 2021

Information disclosure vulnerability in iTop

10 August 2020

Combodo iTop - Broken Access Control

Combodo iTop - Reflected XSS

Combodo iTop - Security Misconfiguration

16 March 2020

Privilege Escalation in Combodo iTop Web Application