
Combodo — Vulnerabilities & Security Advisories (66)

Browse all 66 CVE security advisories affecting Combodo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Combodo is a software development firm best known for creating iTop, an open-source IT Service Management platform used for incident, problem, and change management. Historically, its applications have been targeted due to a significant volume of recorded vulnerabilities, including Remote Code Execution, Cross-Site Scripting, and SQL Injection. These flaws often stem from insufficient input validation and improper access controls within the web interface. While the company maintains an active security response process, the sheer number of disclosed Common Vulnerabilities and Exposures highlights persistent challenges in securing legacy codebases. Major incidents have primarily involved exploitation of these injection flaws by attackers seeking unauthorized administrative access or data exfiltration. Users are advised to maintain strict patch management protocols and implement robust network segmentation to mitigate risks associated with these historically common vulnerability classes.

Top products by Combodo: iTop
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-64167 | Combodo iTop vulnerable to reflected XSS in webservices/export.php | iTop | CWE-79 | 7.1 | High | 2025-11-10 |
| CVE-2025-49145 | iTop admin can drop iTop database using webhooks | iTop | CWE-863 | 8.7 | High | 2025-11-10 |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object | iTop | CWE-862 | 4.3 | Medium | 2025-11-10 |
| CVE-2025-48065 | Combodo iTop vulnerable to reflected XSS via objection edition form error | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-48055 | Combodo iTop has stored XSS in user portal's browse brick | iTop | CWE-79 | 8.5 | High | 2025-11-10 |
| CVE-2025-47932 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47773 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php | iTop | CWE-79 | 8.8 | High | 2025-11-10 |
| CVE-2025-47286 | Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality | iTop | CWE-74 | 9.1 | - | 2025-11-10 |
| CVE-2025-24969 | iTop portal user can see any other contact's picture | iTop | CWE-639 | 5.0 | Medium | 2025-05-14 |
| CVE-2025-24785 | iTop dashboard vulnerable to denial of service | iTop | CWE-20 | 4.3 | Medium | 2025-05-14 |
| CVE-2025-24026 | iTop Inefficient Regular Expression Complexity vulnerability | iTop | CWE-1333 | 5.3 | Medium | 2025-05-14 |
| CVE-2025-24022 | iTop server vulnerable to portal code injection | iTop | CWE-78 | 8.6 | High | 2025-05-14 |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form | iTop | CWE-862 | 5.0 | Medium | 2025-05-14 |
| CVE-2024-56157 | iTop vulnerable to Self XSS in CSV Import | iTop | CWE-79 | 6.3 | Medium | 2025-05-14 |
| CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | iTop | CWE-639 | 6.5 | Medium | 2025-05-14 |
| CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences | iTop | CWE-79 | 6.8 | Medium | 2025-02-25 |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter | iTop | CWE-79 | 7.9 | High | 2024-12-13 |
| CVE-2024-52000 | Reflected Cross-site Scripting exploit in Combodo iTop | iTop | CWE-79 | 6.1 | - | 2024-11-08 |
| CVE-2024-52001 | Portal user is able to access forbidden services information in Combodo iTop | iTop | CWE-200 | 4.3 | - | 2024-11-08 |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages | iTop | CWE-352 | 8.8 | - | 2024-11-08 |
| CVE-2024-51993 | Password is stored in clear in the database in Combodo iTop | iTop | CWE-312 | 6.5 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51994 | Cross-site Scripting in portal picture upload in Combodo iTop | iTop | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-51995 | Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop | iTop | CWE-284 | 7.5 (AI) | High (AI) | 2024-11-07 |
| CVE-2024-51740 | SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop | iTop | CWE-918 | 4.3 | Medium | 2024-11-05 |
| CVE-2024-51739 | Users enumeration allowed through Rest API in Combodo iTop | iTop | CWE-200 | 7.5 | High | 2024-11-05 |
| CVE-2024-32870 | iTop hub connector Information disclosure | iTop | CWE-200 | 5.8 | Medium | 2024-11-04 |
| CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop | iTop | CWE-352 | 8.8 | High | 2024-11-04 |
| CVE-2024-31448 | Cross-site Scripting vulnerability in link CSV import in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34445 | Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |
| CVE-2023-34444 | Cross-site Scripting vulnerability on pages/ajax.searchform.php in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04 |

"(AI)" reproduces the page's AI badge on that CVSS score and severity; "-" means no severity was listed for the entry.

This page lists every published CVE security advisory associated with Combodo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.