Domoticz
by Domoticz
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21990 | Hig | 0.49 | 7.5 | 0.02 | Apr 29, 2021 | Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to… | ||
| CVE-2026-1001 | Med | 0.31 | 4.8 | 0.00 | Mar 25, 2026 | Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or… | ||
| CVE-2019-10678 | Hig | 0.04 | 7.5 | 0.17 | Mar 31, 2019 | Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | ||
| CVE-2019-10664 | Cri | 0.04 | 9.8 | 0.08 | Mar 31, 2019 | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | ||
| CVE-2019-15480 | Med | 0.00 | 5.4 | 0.01 | Aug 23, 2019 | Domoticz 4.10717 has XSS via item.Name. |
- risk 0.49cvss 7.5epss 0.02
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to…
- risk 0.31cvss 4.8epss 0.00
Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or…
- risk 0.04cvss 7.5epss 0.17
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
- risk 0.04cvss 9.8epss 0.08
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
- risk 0.00cvss 5.4epss 0.01
Domoticz 4.10717 has XSS via item.Name.