Skip to main content

I Doit

17 CVEs product

Monthly

CVE-2024-8750 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8749 HIGH This Week

SQL injection vulnerability in idoit pro version 28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP I Doit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46003 MEDIUM POC This Month

I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I Doit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37756 CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37755 CRITICAL POC Act Now

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37739 MEDIUM POC This Month

i-doit Pro v25 and below was discovered to be vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal I Doit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-34830 MEDIUM POC This Month

i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3151 MEDIUM POC This Month

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-13826 HIGH POC This Week

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection I Doit
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-13825 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-1010248 CRITICAL Act Now

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi I Doit
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-6965 MEDIUM POC This Month

An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP I Doit
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-20159 HIGH POC This Week

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP I Doit
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
9.9%
CVE-2014-2231 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1597 HIGH POC This Week

SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi I Doit
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-1237 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1413 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS I Doit
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in idoit pro version 28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP I Doit
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I Doit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass I Doit
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

i-doit Pro v25 and below was discovered to be vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal I Doit
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection I Doit
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi I Doit
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP I Doit
NVD Exploit-DB
EPSS 10% CVSS 7.2
HIGH POC This Week

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP I Doit
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi I Doit
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Doit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy