Vulnerabilities > I Doit > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-8750 Cross-site Scripting vulnerability in I-Doit 28
Cross-site Scripting (XSS) vulnerability in idoit pro version 28.
network
low complexity
i-doit CWE-79
6.1
6.1
2023-10-21 CVE-2023-46003 Cross-site Scripting vulnerability in I-Doit
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.
network
low complexity
i-doit CWE-79
5.4
5.4
2023-09-14 CVE-2023-37739 Path Traversal vulnerability in I-Doit
i-doit Pro v25 and below was discovered to be vulnerable to path traversal.
network
low complexity
i-doit CWE-22
6.5
6.5
2023-06-27 CVE-2023-34830 Cross-site Scripting vulnerability in I-Doit
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
network
low complexity
i-doit CWE-79
5.4
5.4
2021-02-27 CVE-2021-3151 Cross-site Scripting vulnerability in I-Doit
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.
network
low complexity
i-doit CWE-79
5.4
5.4
2020-08-20 CVE-2020-13825 Cross-site Scripting vulnerability in I-Doit
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.
network
low complexity
i-doit CWE-79
6.1
6.1
2019-06-18 CVE-2019-6965 Cross-site Scripting vulnerability in I-Doit 1.12
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
network
low complexity
i-doit CWE-79
6.1
6.1