Vulnerabilities > I Doit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-1010248 | SQL Injection vulnerability in I-Doit Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. | 7.5 |
| 2019-06-18 | CVE-2019-6965 | Cross-site Scripting vulnerability in I-Doit 1.12 An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. | 4.3 |
| 2018-12-15 | CVE-2018-20159 | Improper Input Validation vulnerability in I-Doit 1.11.2 i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. | 6.5 |
| 2014-02-27 | CVE-2014-2231 | Cross-Site Scripting vulnerability in I-Doit Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | 4.3 |
| 2014-02-27 | CVE-2014-1597 | SQL Injection vulnerability in I-Doit SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | 7.5 |
| 2014-02-11 | CVE-2014-1237 | Cross-Site Scripting vulnerability in I-Doit Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter. | 4.3 |
| 2014-02-11 | CVE-2013-1413 | Cross-Site Scripting vulnerability in I-Doit 0.9.9/1.0/1.0.2 Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |