Jeedom ≫ Jeedom

In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.

Jeedom through 4.0.38 allows XSS.