XSS vulnerability in idoit pro version 28

CVE-2024-8750
6.1 MEDIUM

Key Information

Vendor
Synetics
Status
Idoit Pro
Vendor
CVE Published:
12 September 2024

Summary

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to a lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID, treeNode, type, view.

Affected Version(s)

Idoit pro = 28

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved.

  • Vulnerability published.

Collectors

NVD Database
Mitre Database

Credit

Adriá Bonilla Martin
Héctor de armas