CVE-2013-1413

I-doit < 1.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[Vendor Advisory] http://secunia.com/advisories/52415

[Vendor Advisory] http://secunia.com/advisories/56834

[Various Sources] http://www.csnc.ch/en/modules/news/news_0076.html_533560828.html

[Mailing List] http://seclists.org/fulldisclosure/2013/Mar/0

Scores

EPSS 0.0031

EPSS Percentile 53.9%

Details

CWE

CWE-79

Status published

Products (4)

i-doit/i-doit < 1.0

i-doit/i-doit

n/a/n/a

Published Feb 11, 2014

Tracked Since Feb 18, 2026