Leekenghwa

#8522of 53,635
32.2Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2023-29787
5.4
2023-10-21
Unknown · I-Doit Pro · CVE-2023-46003
**Name of the Vulnerable Software and Affected Versions** i-doit pro versions 25 and below **Description** The issue is related to Cross Site Scripting (XSS) and can be exploited via the `index.php` endpoint. This allows for potential malicious script injection. **Recommendations** For versions 25 and below, consider disabling access to the `index.php` endpoint until a fix is available. As a temporary workaround, restrict the use of user-inputted data in the `index.php` endpoint to minimize the risk of exploitation.
PT-2023-25017
5.4
2023-06-17
Unknown · I-Doit Open · CVE-2023-34830
**Name of the Vulnerable Software and Affected Versions** i-doit Open version v24 **Description** A reflected cross-site scripting (XSS) issue was found in i-doit Open via the `timeout` parameter on the "/login" page. This allows for potential XSS attacks. **Recommendations** For i-doit Open version v24, consider disabling access to the login page or restricting the use of the `timeout` parameter until a fix is available. Avoid using the `timeout` parameter in the login page until the issue is resolved.
PT-2023-24506
8.8
2023-06-13
Unknown · Hoteldruid · CVE-2023-33817
**Name of the Vulnerable Software and Affected Versions** hoteldruid version 3.0.5 **Description** The issue is related to a SQL injection vulnerability. **Recommendations** For hoteldruid version 3.0.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-24912
5.4
2023-06-13
Unknown · Hoteldruid · CVE-2023-34537
**Name of the Vulnerable Software and Affected Versions** HotelDruid version 3.0.5 **Description** A Reflected XSS issue was discovered, allowing an attacker to issue malicious code or commands on an affected webpage's parameter. This can trick users on their browsers and/or exfiltrate data. **Recommendations** For HotelDruid version 3.0.5, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-20824
7.2
2023-04-12
Unknown · Textpattern · CVE-2023-26852
**Name of the Vulnerable Software and Affected Versions** Textpattern versions 4.8.8 and below **Description** An arbitrary file upload vulnerability in the upload plugin allows attackers to execute arbitrary code by uploading a crafted PHP file. **Recommendations** For Textpattern versions 4.8.8 and below, update to a version above 4.8.8 to resolve the issue. As a temporary workaround, consider disabling the upload plugin until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation.