In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47773 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) when a dashboard is edited via an AJAX call. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47773.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47286 was detected. This vulnerability allows an administrator to execute arbitrary code on the server by editing the configuration of the iTop instance in the backup creation functionality. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47286.
Read more IT Business ManagementIn Combodo iTop versions on the 3.x branch prior to 3.2.2 a medium severity vulnerability CVE-2025-48878 was detected. This vulnerability allows users with insufficient privileges to create a ModuleInstallation object due to an insecure direct object reference (IDOR). To fix this vulnerability, users should upgrade to iTop version 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48878.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-48065 was detected. This vulnerability allows reflected cross-site scripting (XSS) to occur when a form field containing an error renders attacker-controlled content back to the user. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48065.
Read more IT Business ManagementIn Combodo iTop versions prior to 3.2.2 a high severity vulnerability CVE-2025-48055 was detected. This vulnerability allows stored cross-site scripting (XSS) in the User Portal’s browse brick, where user-supplied content could be rendered without proper sanitization. To fix this vulnerability, users should upgrade to iTop versions 3.2.2 or 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48055.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-64167 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript code when a user edits the URL parameter due to improper input sanitization. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64167.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-49145 was detected. This vulnerability allows users with permissions to create webhooks to trigger database deletion due to insufficient validation of webhook callback signatures. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49145.
Read more IT Business ManagementIn iTop v.3.1.0-2-11973 a high severity vulnerability CVE-2023-47489 was detected. A CSV injection in the export functionality (export-v2.php and ajax.render.php) allows a local attacker to inject crafted scripts that can lead to arbitrary code execution. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47489.
Read more IT Business ManagementIn iTop v.3.1.0-2-11973 a medium severity vulnerability CVE-2023-47488 was detected. This cross-site scripting (XSS) vulnerability allows a local attacker to obtain sensitive information by injecting a crafted script into the attrib_manager_id parameter in the General Information page or the id parameter in the contact page. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47488.
Read more IT Business Management