Page 9 of 52 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Combodo iTop contiene una vulnerabilidad de tipo Cross-site Scripting almacenado, que puede ser atacada mediante la carga de un archivo con un script malicioso • https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247 https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.4EPSS: 0%CPEs: 12EXPL: 0

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Combodo iTop no comprueba los parámetros ingresados, los atacantes pueden inyectar comandos maliciosos e iniciar un ataque de tipo XSS • https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Una función en Combodo iTop contiene una vulnerabilidad de Control de Acceso Roto, que permite a un atacante no autorizado inyectar comandos y revelar información del sistema • https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2 https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. En Combodo iTop, un nombre de acceso directo de menú puede ser explotado con una carga de tipo XSS almacenado. Esto es corregido en todos los paquetes iTop (community, essential, professional) en la versión 2.7.0 y iTop essential e iTop professional en la versión 2.6.4 • https://github.com/Combodo/iTop/security/advisories/GHSA-4h6p-jghj-8qxm https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3Achange_log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. En Combodo iTop, los id del panel de control pueden ser explotados con una carga útil XSS reflexiva. Esto es corregido en todos los paquetes iTop (community, essential, professional) para la versión 2.7.0 y en los paquetes iTop essential e iTop professional para la versión 2.6.4 • https://github.com/Combodo/iTop/security/advisories/GHSA-xfh9-5632-hxmv https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3A2_7_whats_new • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •