Teedy Sismics Teedy

By the Year

In 2026 there have been 0 vulnerabilities in Sismics Teedy. Last year, in 2025, Teedy had 3 security vulnerabilities published. Right now, Teedy is on track to have fewer security vulnerabilities in 2026 than it did last year.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 6.30 |
| 2024 | 1 | 0.00 |
| 2023 | 1 | 4.60 |
| 2022 | 2 | 9.30 |

It may take a day or so for new Teedy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Sismics Teedy Security Vulnerabilities

Sismics Teedy <=1.11 Improper Access Control via /api/file Endpoint
CVE-2025-11853 6.3 - Medium - October 16, 2025

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Authorization

Teedy <=1.12 CSRF Vulnerability
CVE-2024-54851 - January 29, 2025

Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.

Unauthenticated LDAP Injection in Teedy 1.9-1.12: Username Field
CVE-2024-54852 - January 29, 2025

When the LDAP connection is activated in Teedy versions from 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

Teedy 1.11 XSS via Management Console (CVE-2024-46278)
CVE-2024-46278 - October 07, 2024

Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.

Teedy v1.11 Text Editor XSS via Custom HTML Tags
CVE-2023-4892 4.6 - Medium - September 25, 2023

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.

XSS

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag
CVE-2022-22115 9 - Critical - January 10, 2022

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privilege escalation.

XSS

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS)
CVE-2022-22114 9.6 - Critical - January 10, 2022

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The "search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim's browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker.

XSS
