A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
CVSS Score
5.7
EPSS Score
0.001
Published
2020-08-10
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-05
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0
CVSS Score
8.1
EPSS Score
0.005
Published
2020-03-16
Page 5