Known Vulnerabilities for products from I-doit
Listed below are 15 of the newest known vulnerabilities associated with the vendor "I-doit".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-31751 json | Not Provided | 2025-04-01 | 2026-04-23 | |
| CVE-2025-31750 json | Not Provided | 2025-04-01 | 2026-04-23 | |
| CVE-2023-46003 json | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | 5.4 - MEDIUM | 2023-10-21 | 2023-11-07 |
| CVE-2023-37756 json | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. At... | 9.8 - CRITICAL | 2023-09-14 | 2023-11-07 |
| CVE-2023-37755 json | i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and ther... | 9.8 - CRITICAL | 2023-09-14 | 2023-11-07 |
| CVE-2023-37739 json | i-doit Pro v25 and below was discovered to be vulnerable to path traversal. | 6.5 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-34830 json | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on t... | 5.4 - MEDIUM | 2023-06-27 | 2023-11-07 |
| CVE-2021-3151 json | i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers ... | 5.4 - MEDIUM | 2021-02-27 | 2021-06-03 |
| CVE-2020-13826 json | A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitra... | 8.8 - HIGH | 2020-08-20 | 2021-07-21 |
| CVE-2020-13825 json | A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML vi... | 6.1 - MEDIUM | 2020-08-20 | 2020-08-24 |
| CVE-2019-1010248 json | Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. Th... | 9.8 - CRITICAL | 2019-07-18 | 2019-07-23 |
| CVE-2019-6965 json | An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. | 6.1 - MEDIUM | 2019-06-18 | 2019-06-18 |
| CVE-2018-20159 json | i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an ... | 7.2 - HIGH | 2018-12-15 | 2019-01-07 |
| CVE-2014-2231 json | Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arb... | Not Provided | 2014-02-27 | 2026-04-29 |
| CVE-2014-1597 json | SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote att... | Not Provided | 2014-02-27 | 2026-04-29 |
| CVE-2014-1237 json | Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web ... | Not Provided | 2014-02-11 | 2026-04-29 |
| CVE-2013-1413 json | Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit p... | Not Provided | 2014-02-11 | 2026-04-29 |
Known software with vulnerabilities from I-doit
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | I-doit | I-doit | - |