VYPR

Idoit Pro

by Synetics

CVEs (5)

  • CVE-2024-8750Sep 12, 2024
    risk 0.00cvss epss 0.00

    Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view).

  • CVE-2024-8749Sep 12, 2024
    risk 0.00cvss epss 0.00

    SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the…

  • CVE-2014-2231Feb 27, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.

  • CVE-2014-1237Feb 11, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.

  • CVE-2013-1413Feb 11, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.