Clément Speybrouck

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 **Description** The issue concerns the caching of admin pages in Combodo iTop, allowing their content to be visible after disconnection by using the browser back button. **Recommendations** For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 3.0.0, update to version 3.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 **Description** The issue concerns a web-based IT Service Management tool. When a download error occurs in the user portal, an SQL query is displayed to the user. **Recommendations** For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 3.0.0, update to version 3.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 **Description** The issue concerns a web-based IT Service Management tool where two cookies are created for the same session, potentially allowing user session theft. **Recommendations** For versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.2 and 3.0.0 **Description** The issue affects Combodo iTop, a web-based IT Service Management tool. By modifying the target browser's local storage, an XSS can be generated in the iTop console breadcrumb. **Recommendations** For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 3.0.0, update to version 3.0.0 or later.