Sismics Teedy
8 CVEs affecting Sismics Teedy. Latest disclosed: 2025-10-16. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-54852 | Critical | 9.8 | 2025-01-29 | When LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper… |
| CVE-2022-22114 | Critical | 9.6 | 2022-01-10 | In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The "search term" search functionality is not sufficiently sanitiz… |
| CVE-2022-22115 | Critical | 9.0 | 2022-01-10 | In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitize… |
| CVE-2024-54851 | High | 8.8 | 2025-01-29 | Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. |
| CVE-2024-46278 | High | 8.4 | 2024-10-07 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. |
| CVE-2025-22963 | High | 7.5 | 2025-01-13 | Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. |
| CVE-2025-11853 | Medium | 6.3 | 2025-10-16 | A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a m… |
| CVE-2023-4892 | Medium | 5.7 | 2023-09-25 | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is po… |