Italtel
Products by Italtel Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Italtel. Last year, in 2025, Italtel had 1 security vulnerability published. Right now, Italtel is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 8 | 6.68 |
| 2023 | 3 | 7.57 |
It may take a day or so for new Italtel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Italtel Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-28803 | Mar 13, 2025 | i-MCS NFV v12.1.0-20211215 Unauth XSS via POST Parameter. Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into an HTTP/POST parameter. | |
| CVE-2024-31842 | Aug 20, 2024 | Italtel Embrace 1.6.4 GET Token Leak Leads to Account Takeover. An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover. | |
| CVE-2024-31843 | May 23, 2024 | Italtel Embrace 1.6.4: Auth OS Command Injection. An issue was discovered in Italtel Embrace 1.6.4. The web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the operating system. | |
| CVE-2024-31847 | May 21, 2024 | Stored XSS in Italtel Embrace 1.6.4 via GET param. An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. | |
| CVE-2024-31844 | May 21, 2024 | Italtel Embrace 1.6.4 Path Disclosure via Error Handling. An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication. | |
| CVE-2024-31840 | May 21, 2024 | Italtel Embrace 1.6.4 UI Reveals Cleartext Email Password. An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |
| CVE-2024-31845 | May 21, 2024 | Italtel Embrace 1.6.4 Log Injection via GET Parameter Exposes User Attribution. An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication. | |
| CVE-2024-31846 | Apr 19, 2024 | Italtel Embrace 1.6.4: Unauthorized Access Vulnerability. An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |
| CVE-2024-31841 | Apr 19, 2024 | Italtel Embrace 1.6.4: Unauth Remote LFI via Unsanitized Input. An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | |
| CVE-2022-39813 | Jan 27, 2023 | Italtel NetMatch-S CI 5.2.0-20211008 XSS via j_username (Web GUI). Italtel NetMatch-S CI 5.2.0-20211008 allows multiple reflected/stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it. | |