Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view).
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro | Third Party Advisory |
Configurations
History
18 Sep 2024, 20:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-synetics-idoit-pro - Third Party Advisory | |
First Time |
I-doit i-doit
I-doit |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
Summary |
|
|
CPE | cpe:2.3:a:i-doit:i-doit:28:*:*:*:pro:*:*:* |
12 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-12 12:15
Updated : 2024-09-18 20:38
NVD link : CVE-2024-8750
Mitre link : CVE-2024-8750
CVE.ORG link : CVE-2024-8750
JSON object : View
Products Affected
i-doit
- i-doit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')