Vulnerabilities > I Doit

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-09-12 | CVE-2024-8749 | SQL Injection vulnerability in I-Doit 28 | SQL injection vulnerability in idoit pro version 28. | network; low complexity; i-doit CWE-89; 7.5 |
| 2024-09-12 | CVE-2024-8750 | Cross-site Scripting vulnerability in I-Doit 28 | Cross-site Scripting (XSS) vulnerability in idoit pro version 28. | network; low complexity; i-doit CWE-79; 6.1 |
| 2023-10-21 | CVE-2023-46003 | Cross-site Scripting vulnerability in I-Doit | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | network; low complexity; i-doit CWE-79; 5.4 |
| 2023-09-14 | CVE-2023-37756 | Weak Password Requirements vulnerability in I-Doit | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. | network; low complexity; i-doit CWE-521; critical; 9.8 |
| 2023-09-14 | CVE-2023-37739 | Path Traversal vulnerability in I-Doit | i-doit Pro v25 and below was discovered to be vulnerable to path traversal. | network; low complexity; i-doit CWE-22; 6.5 |
| 2023-09-14 | CVE-2023-37755 | Use of Hard-coded Credentials vulnerability in I-Doit | i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. | network; low complexity; i-doit CWE-798; critical; 9.8 |
| 2023-06-27 | CVE-2023-34830 | Cross-site Scripting vulnerability in I-Doit | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. | network; low complexity; i-doit CWE-79; 5.4 |
| 2021-02-27 | CVE-2021-3151 | Cross-site Scripting vulnerability in I-Doit | i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. | network; low complexity; i-doit CWE-79; 5.4 |
| 2020-08-20 | CVE-2020-13826 | Improper Neutralization of Formula Elements in a CSV File vulnerability in I-Doit | A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | network; low complexity; i-doit CWE-1236; 8.8 |
| 2020-08-20 | CVE-2020-13825 | Cross-site Scripting vulnerability in I-Doit | A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | network; low complexity; i-doit CWE-79; 6.1 |