Vulnerability Description
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| I-Doit | I-Doit | <= 1.2.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/102910
- http://packetstormsecurity.com/files/125062
- http://seclists.org/fulldisclosure/2014/Feb/26
- http://secunia.com/advisories/56802
- http://secunia.com/advisories/56834Vendor Advisory
- http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripti
- http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=136Vendor Advisory
- http://www.securityfocus.com/bid/65353
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90969
- http://osvdb.org/102910
- http://packetstormsecurity.com/files/125062
- http://seclists.org/fulldisclosure/2014/Feb/26
- http://secunia.com/advisories/56802
- http://secunia.com/advisories/56834Vendor Advisory
- http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripti
FAQ
What is CVE-2014-1237?
CVE-2014-1237 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.
How severe is CVE-2014-1237?
CVE-2014-1237 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1237?
Check the references section above for vendor advisories and patch information. Affected products include: I-Doit I-Doit.