VYPR

iTop

by ITop

CVEs (3)

  • CVE-2019-13967HigFeb 14, 2020
    risk 0.49cvss 7.5epss 0.01

    iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI.…

  • CVE-2019-13966MedFeb 14, 2020
    risk 0.40cvss 6.1epss 0.01

    In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

  • CVE-2019-13965MedFeb 14, 2020
    risk 0.40cvss 6.1epss 0.02

    Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the…