Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Project and Agile Management
  • IT Business Management

IT Business Management

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    12 Nov 2025 Project and Agile Management
    iTop: Cross-Site Scripting Vulnerability in Dashboard Editing via AJAX

    In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47773 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) when a dashboard is edited via an AJAX call. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47773.

    Read more
    IT Business Management
    12 Nov 2025 Project and Agile Management
    iTop: Remote Code Execution Vulnerability in Backup Creation Functionality

    In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47286 was detected. This vulnerability allows an administrator to execute arbitrary code on the server by editing the configuration of the iTop instance in the backup creation functionality. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47286.

    Read more
    IT Business Management
    11 Nov 2025 Project and Agile Management
    iTop: Insecure Direct Object Reference in ModuleInstallation Object Creation

    In Combodo iTop versions on the 3.x branch prior to 3.2.2 a medium severity vulnerability CVE-2025-48878 was detected. This vulnerability allows users with insufficient privileges to create a ModuleInstallation object due to an insecure direct object reference (IDOR). To fix this vulnerability, users should upgrade to iTop version 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48878.

    Read more
    IT Business Management
    11 Nov 2025 Project and Agile Management
    iTop: Reflected Cross-Site Scripting in Object Editing Form Error Handling

    In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-48065 was detected. This vulnerability allows reflected cross-site scripting (XSS) to occur when a form field containing an error renders attacker-controlled content back to the user. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48065.

    Read more
    IT Business Management
    11 Nov 2025 Project and Agile Management
    iTop: Stored Cross-Site Scripting in User Portal Browse Brick

    In Combodo iTop versions prior to 3.2.2 a high severity vulnerability CVE-2025-48055 was detected. This vulnerability allows stored cross-site scripting (XSS) in the User Portal’s browse brick, where user-supplied content could be rendered without proper sanitization. To fix this vulnerability, users should upgrade to iTop versions 3.2.2 or 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48055.

    Read more
    IT Business Management
    11 Nov 2025 Project and Agile Management
    iTop: Cross-Site Scripting Vulnerability in URL Parameter

    In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-64167 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript code when a user edits the URL parameter due to improper input sanitization. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64167.

    Read more
    IT Business Management
    11 Nov 2025 Project and Agile Management
    iTop: Webhook Callback Misvalidation Allows Database Deletion

    In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-49145 was detected. This vulnerability allows users with permissions to create webhooks to trigger database deletion due to insufficient validation of webhook callback signatures. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49145.

    Read more
    IT Business Management
    1 Oct 2025 Project and Agile Management
    iTop: CSV Injection in Export Feature Allowing Arbitrary Code Execution

    In iTop v.3.1.0-2-11973 a high severity vulnerability CVE-2023-47489 was detected. A CSV injection in the export functionality (export-v2.php and ajax.render.php) allows a local attacker to inject crafted scripts that can lead to arbitrary code execution. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47489.

    Read more
    IT Business Management
    1 Oct 2025 Project and Agile Management
    iTop: XSS Vulnerability Allowing Sensitive Information Disclosure

    In iTop v.3.1.0-2-11973 a medium severity vulnerability CVE-2023-47488 was detected. This cross-site scripting (XSS) vulnerability allows a local attacker to obtain sensitive information by injecting a crafted script into the attrib_manager_id parameter in the General Information page or the id parameter in the contact page. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47488.

    Read more
    IT Business Management
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}