) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:i-doit:i-doit:0.9.9:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-3151 |
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. Published: February 27, 2021; 12:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-13826 |
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. Published: August 19, 2020; 9:17:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-13825 |
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. Published: August 19, 2020; 9:17:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-1010248 |
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1. Published: July 18, 2019; 2:15:12 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |