5
CVE-2025-24969 - iTop portal user can see any other contact's picture
iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.
4.3
CVE-2025-24785 - iTop dashboard vulnerable to denial of service
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the…
5.3
CVE-2025-24026 - iTop Inefficient Regular Expression Complexity vulnerability
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_roo…
8.6
CVE-2025-24022 - iTop server vulnerable to portal code injection
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3, and 3.2.1.
5
CVE-2025-24021 - iTop doesn't have mass assignment of fields in the portal form
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
6.3
CVE-2024-56157 - iTop vulnerable to Self XSS in CSV Import
iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by placing malicious code in CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before impor…
6.5
CVE-2024-52601 - iTop portal Insecure Direct Object Reference vulnerability
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can gain read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
9.4
CVE-2024-10865 - Reflected Cross-Site Scripting vulnerability in OpenText Advanced Authentication
Improper input validation leads to a cross-site scripting (XSS) vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
7.5
CVE-2024-10864 - SQL Injection vulnerability has been discovered in OpenText™ Advanced Authentication.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
7.5
CVE-2025-3600 - Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.