Eric Espie

3 exploits, active since Mar 2023
CVE-2022-39214 CRITICAL WRITEUP
Combodo iTop < 2.7.8 - Incorrect Authorization
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS 9.6
CVE-2023-34446 HIGH WRITEUP
Combodo iTop - XSS
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross-site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVSS 8.8
CVE-2023-34447 HIGH WRITEUP
Combodo iTop < 3.0.4 - XSS
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross-site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVSS 8.8