VYPR

Domoticz

by Domoticz

Source repositories

CVEs (5)

  • CVE-2020-21990HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.02

    Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to…

  • CVE-2026-1001MedMar 25, 2026
    risk 0.31cvss 4.8epss 0.00

    Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or…

  • CVE-2019-10678HigMar 31, 2019
    risk 0.04cvss 7.5epss 0.17

    Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.

  • CVE-2019-10664CriMar 31, 2019
    risk 0.04cvss 9.8epss 0.08

    Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.

  • CVE-2019-15480MedAug 23, 2019
    risk 0.00cvss 5.4epss 0.01

    Domoticz 4.10717 has XSS via item.Name.