5 matches found
CVE-2014-2231
Cross-site scripting XSS vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title...
synetics i-doit pro API跨站脚本漏洞
BUGTRAQ ID:65957 CVE ID:CVE-2014-2231 Synetics i-doit是德国Synetics公司的一个基于Web的开源IT文档和CMDB(配置管理数据库),它能够记录IT系统及其变化的信息,同时针对系统变化制定应急方案,最终确保IT网络稳定、高效的运作。 synetics i-doit 1.2.5之前版本的的API存在跨站脚本漏洞,允许远程攻击者通过产权注入任意的web脚本或HTML。 0 synetics GmbH i-doit 1.2.4 synetics GmbH i-doit 1.1.1 synetics GmbH i-doit 1.1.2...
CVE-2014-2231
Cross-site scripting XSS vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title...
CVE-2014-2231
CVE-2014-2231 affects synetics i-doit pro API prior to 1.2.5, where an XSS flaw allows remote attackers to inject arbitrary web script/HTML via the title property. Affected: synetics i-doit pro before 1.2.5 (API component). Root cause: improper handling/validation of the title field in API input....
CVE-2014-2231
Cross-site scripting XSS vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title...