
Combodo — Vulnerabilities & Security Advisories (66)

Browse all 66 CVE security advisories affecting Combodo products. Each entry carries an AI-generated Chinese-language analysis, proof-of-concept (PoC) links where available, and references.

Combodo is the software company behind iTop, an open-source IT Service Management (ITSM) platform used for incident, problem, and change management. The advisories recorded for it are dominated by cross-site scripting (CWE-79) in the web console and portal, alongside code and command injection (CWE-94, CWE-77), CSV/Excel formula injection (CWE-1236), path traversal (CWE-22), CSRF (CWE-352), SSRF reachable from the setup pages (CWE-918), session fixation (CWE-613), a weak password-reset token (CWE-330), and authorization flaws that allow an authenticated user to take over other accounts (CWE-863, CWE-639). These are classic web-application defects: untrusted input reaching HTML, CSV, file paths, or shell commands without validation or encoding, and missing access-control or silo checks on object references. Combodo maintains an active security response process and most entries below ship with a fixed release, so the practical defence is to run a supported iTop version, apply security updates promptly, restrict the setup and administrative pages to trusted networks, and keep the instance segmented from the rest of the infrastructure.

Top products by Combodo: iTop
CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2023-34443 | Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop | iTop | CWE-79 | 8.8 | High | 2024-11-04
CVE-2023-48710 | iTop limit pages/exec.php script to PHP files | iTop | CWE-552 | 9.8 | Critical | 2024-04-15
CVE-2023-48709 | iTop vulnerable to potential formula injection in Excel/CSV export file | iTop | CWE-1236 | 8.0 | High | 2024-04-15
CVE-2023-47626 | iTop vulnerable to XSS vulnerability in authent-token | iTop | CWE-79 | 8.8 | High | 2024-04-15
CVE-2023-47622 | iTop vulnerable to XSS vulnerability in dashlet refresh | iTop | CWE-79 | 8.8 | High | 2024-04-15
CVE-2023-47123 | iTop vulnerable to XSS vulnerability in n:n relations "tagset" widget | iTop | CWE-79 | 8.7 | High | 2024-04-15
CVE-2023-45808 | iTop missing silo check on extkey in console and portal | iTop | CWE-639 | 4.1 | Medium | 2024-04-15
CVE-2023-44396 | iTop vulnerable to XSS in dashlet modifications ajax endpoints | iTop | CWE-79 | 6.8 | Medium | 2024-04-15
CVE-2023-43790 | iTop vulnerable to XSS in friendlyname in object details | iTop | CWE-79 | 5.7 | Medium | 2024-04-15
CVE-2023-38511 | iTop Dashboard editor vulnerable dashboard config file parameter | iTop | CWE-22 | 5.0 | Medium | 2024-04-15
CVE-2023-34447 | iTop XSS vulnerability on pages/UI.php | iTop | CWE-79 | 8.8 | High | 2023-10-25
CVE-2023-34446 | iTop XSS vulnerability on pages/preferences.php | iTop | CWE-79 | 8.8 | High | 2023-10-25
CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | iTop | CWE-330 | 7.4 | High | 2023-03-14
CVE-2022-39214 | Authenticated users of Combodo iTop can take over any account | iTop | CWE-863 | 9.6 | Critical | 2023-03-14
CVE-2021-41162 | Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 9.3 | Critical | 2022-04-21
CVE-2022-24870 | Stored Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 8.7 | High | 2022-04-21
CVE-2021-41161 | XSS in csvimport in 3.0.0-beta versions | iTop | CWE-79 | 9.3 | Critical | 2022-04-21
CVE-2022-24811 | Cross-site Scripting in Combodo iTop | iTop | CWE-79 | 5.4 | Medium | 2022-04-05
CVE-2022-24780 | Code Injection in Combodo iTop | iTop | CWE-94 | 8.8 | High | 2022-04-05
CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop | iTop | CWE-352 | 6.5 | Medium | 2022-04-05
CVE-2021-32664 | Reflected XSS in Combodo/iTop | iTop | CWE-79 | 8.1 | High | 2021-10-19
CVE-2021-32663 | Unauthorized setup leads to SSRF in Combodo/iTop | iTop | CWE-918 | 8.7 | High | 2021-10-19
CVE-2021-32776 | No CSRF form token cleanup on Windows servers | iTop | CWE-352 | 6.8 | Medium | 2021-07-21
CVE-2021-32775 | Any user can see any fields (including mailbox password) with GroupBy Dashlet | iTop | CWE-209 | 7.7 | High | 2021-07-21
CVE-2021-21407 | Portal: the CSRF token isn't validated | iTop | CWE-352 | 8.0 | High | 2021-07-21
CVE-2021-21406 | Command Injection vulnerability in the Setup Wizard | iTop | CWE-77 | 5.8 | Medium | 2021-07-21
CVE-2020-15221 | XSS in the breadcrumbs | iTop | CWE-79 | 6.8 | Medium | 2021-01-13
CVE-2020-15220 | Session fixation | iTop | CWE-613 | 6.1 | Medium | 2021-01-13
CVE-2020-15219 | SQL query displayed on portal error | iTop | CWE-209 | 4.3 | Medium | 2021-01-13
CVE-2020-15218 | Admin pages are cached and can be embedded | iTop | CWE-613 | 6.8 | Medium | 2021-01-13
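For triage it is useful to get this listing into a structured form rather than reading it by eye. The script below is an added example, not code from this site or from Combodo: it parses advisory rows in the one-line form a plain-text scrape of the listing produces (title, product name and CWE run together, followed by score, severity and date), counts advisories per CWE, ranks the ones at or above a CVSS threshold so they can be patched first, and recomputes the CVSS v3 severity band from the numeric score to catch rows whose label disagrees with their score. The sample rows are a constructed subset copied from the table above; the threshold and band boundaries are the standard CVSS v3.x qualitative ratings.

```python
import re
from collections import Counter

# Constructed sample: seven rows from the Combodo listing, collapsed into the
# one-line form "CVE-ID Title — ProductCWE-n CVSS SeverityYYYY-MM-DD".
SAMPLE_ROWS = """\
CVE-2023-48710 iTop limit pages/exec.php script to PHP files — iTopCWE-552 9.8 Critical2024-04-15
CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file — iTopCWE-1236 8.0 High2024-04-15
CVE-2023-45808 iTop missing silo check on extkey in console and portal — iTopCWE-639 4.1 Medium2024-04-15
CVE-2022-39214 Authenticated users of Combodo iTop can take over any account — iTopCWE-863 9.6 Critical2023-03-14
CVE-2021-41162 Cross-site Scripting in Combodo iTop — iTopCWE-79 9.3 Critical2022-04-21
CVE-2021-32663 Unauthorized setup leads to SSRF in Combodo/iTop — iTopCWE-918 8.7 High2021-10-19
CVE-2020-15219 SQL query displayed on portal error — iTopCWE-209 4.3 Medium2021-01-13
"""

# The product name has no separator before "CWE-", and the severity word has
# none before the date, so both boundaries are taken from the fixed patterns
# that follow them rather than from whitespace.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+\u2014\s+"          # title ends at the first em-dash
    r"(?P<product>\S+?)"                     # lazily stop where "CWE-" begins
    r"(?P<cwe>CWE-\d+)\s+"
    r"(?P<cvss>\d+(?:\.\d+)?)\s+"
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)


def parse_rows(text):
    """Parse flattened advisory rows into dicts; fail loudly on a malformed row."""
    advisories = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable advisory row: {line!r}")
        row = m.groupdict()
        row["cvss"] = float(row["cvss"])
        advisories.append(row)
    return advisories


def count_by_cwe(advisories):
    """How many advisories fall under each weakness class."""
    return Counter(a["cwe"] for a in advisories)


def triage(advisories, min_cvss=9.0):
    """CVE IDs at or above the threshold, highest score first, oldest first on ties."""
    urgent = [a for a in advisories if a["cvss"] >= min_cvss]
    urgent.sort(key=lambda a: (-a["cvss"], a["published"]))
    return [a["cve"] for a in urgent]


def severity_band(cvss):
    """CVSS v3.x qualitative rating recomputed from the numeric base score."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss > 0.0:
        return "Low"
    return "None"


def mislabelled(advisories):
    """Rows whose published severity label does not match their own score."""
    return [a["cve"] for a in advisories if severity_band(a["cvss"]) != a["severity"]]


if __name__ == "__main__":
    advs = parse_rows(SAMPLE_ROWS)
    print(f"{len(advs)} advisories parsed")
    for cwe, n in count_by_cwe(advs).most_common():
        print(f"  {cwe}: {n}")
    print("patch first:", ", ".join(triage(advs)))
    print("label/score mismatches:", mislabelled(advs) or "none")
```

The regex raises on any row it cannot parse instead of silently skipping it, which matters when the input is a scrape: a row that fails to match is more likely a layout change than an empty line, and dropping it would hide an advisory from the triage list.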

This page lists every published CVE security advisory associated with Combodo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.