I-doit » I-doit : Security Vulnerabilities, CVEs, Published In 2014 CVSS score >= 4

CVE-2014-2231

Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-02-27
Updated
2014-02-28

CVE-2014-1597

SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
Max CVSS
7.5
EPSS Score
0.22%
Published
2014-02-27
Updated
2017-08-29

CVE-2014-1237

Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-02-11
Updated
2017-08-29

CVE-2013-1413

Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-02-11
Updated
2014-02-12
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close