Sismics Teedy

8 CVEs affecting Sismics Teedy. Latest disclosed: 2025-10-16. Critical: 3, High: 3.

Top CVEs affecting Sismics Teedy
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-54852 | Critical | 9.8 | 2025-01-29 | When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper… |
| CVE-2022-22114 | Critical | 9.6 | 2022-01-10 | In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term” search functionality is not sufficiently sanitiz… |
| CVE-2022-22115 | Critical | 9.0 | 2022-01-10 | In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitize… |
| CVE-2024-54851 | High | 8.8 | 2025-01-29 | Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. |
| CVE-2024-46278 | High | 8.4 | 2024-10-07 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. |
| CVE-2025-22963 | High | 7.5 | 2025-01-13 | Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. |
| CVE-2025-11853 | Medium | 6.3 | 2025-10-16 | A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a m… |
| CVE-2023-4892 | Medium | 5.7 | 2023-09-25 | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is po… |