Domoticz: Security Vulnerabilities
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
CVSS Score
7.5
EPSS Score
0.01
Published
2021-04-29
Domoticz 4.10717 has XSS via item.Name.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-23
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
CVSS Score
7.5
EPSS Score
0.146
Published
2019-03-31
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
CVSS Score
9.8
EPSS Score
0.027
Published
2019-03-31