Skip to main content

I Doit CVE-2014-2231

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-02-27 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 27, 2014 - 15:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. Affected products include: I-Doit. Version information: before 1.2.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in I Doit

View all
CVE-2023-37756 CRITICAL POC
9.8 Sep 14

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creatio

CVE-2023-37755 CRITICAL POC
9.8 Sep 14

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and

CVE-2020-13826 HIGH POC
8.8 Aug 20

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute ar

CVE-2014-1597 HIGH POC
7.5 Feb 27

SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remot

CVE-2018-20159 HIGH POC
7.2 Dec 15

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. Rated high severity (CVSS 7.2), thi

CVE-2023-37739 MEDIUM POC
6.5 Sep 14

i-doit Pro v25 and below was discovered to be vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulne

CVE-2020-13825 MEDIUM POC
6.1 Aug 20

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HT

CVE-2019-1010248 CRITICAL
9.8 Jul 18

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2023-46003 MEDIUM POC
5.4 Oct 21

I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 5.4), thi

CVE-2023-34830 MEDIUM POC
5.4 Jun 27

i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter

CVE-2021-3151 MEDIUM POC
5.4 Feb 27

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attac

CVE-2024-8749 HIGH
7.5 Sep 12

SQL injection vulnerability in idoit pro version 28. Rated high severity (CVSS 7.5), this vulnerability is remotely expl

Share

CVE-2014-2231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy