Vulnerabilities > I Doit > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-8750 | Cross-site Scripting vulnerability in I-Doit 28 Cross-site Scripting (XSS) vulnerability in idoit pro version 28. | 6.1 |
| 2023-10-21 | CVE-2023-46003 | Cross-site Scripting vulnerability in I-Doit I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | 5.4 |
| 2023-09-14 | CVE-2023-37739 | Path Traversal vulnerability in I-Doit i-doit Pro v25 and below was discovered to be vulnerable to path traversal. | 6.5 |
| 2023-06-27 | CVE-2023-34830 | Cross-site Scripting vulnerability in I-Doit i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. | 5.4 |
| 2020-08-20 | CVE-2020-13826 | Injection vulnerability in I-Doit A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | 6.8 |
| 2020-08-20 | CVE-2020-13825 | Cross-site Scripting vulnerability in I-Doit A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | 4.3 |
| 2019-06-18 | CVE-2019-6965 | Cross-site Scripting vulnerability in I-Doit 1.12 An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. | 4.3 |
| 2018-12-15 | CVE-2018-20159 | Improper Input Validation vulnerability in I-Doit 1.11.2 i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. | 6.5 |
| 2014-02-27 | CVE-2014-2231 | Cross-Site Scripting vulnerability in I-Doit Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | 4.3 |
| 2014-02-11 | CVE-2014-1237 | Cross-Site Scripting vulnerability in I-Doit Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter. | 4.3 |