VYPR
Vendor

ITop

Products
3
CVEs
4
Across products
5
Status
Private

Products

3

Recent CVEs

4
  • CVE-2019-13967HigFeb 14, 2020
    risk 0.49cvss 7.5epss 0.01

    iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI.…

  • CVE-2022-24140MedJul 6, 2022
    risk 0.43cvss 6.6epss 0.01

    IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the…

  • CVE-2019-13966MedFeb 14, 2020
    risk 0.40cvss 6.1epss 0.01

    In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

  • CVE-2019-13965MedFeb 14, 2020
    risk 0.40cvss 6.1epss 0.02

    Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the…