Vulnerabilities > I Doit > I Doit > 1.17.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-14 CVE-2023-37756 Weak Password Requirements vulnerability in I-Doit
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation.
network
low complexity
i-doit CWE-521
critical
9.8
2023-09-14 CVE-2023-37755 Use of Hard-coded Credentials vulnerability in I-Doit
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name.
network
low complexity
i-doit CWE-798
critical
9.8
2023-06-27 CVE-2023-34830 Cross-site Scripting vulnerability in I-Doit
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
network
low complexity
i-doit CWE-79
5.4