A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVSS Score
7.4
EPSS Score
0.003
Published
2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVSS Score
6.8
EPSS Score
0.003
Published
2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
CVSS Score
5.7
EPSS Score
0.001
Published
2020-08-10
Page 5