Lucene search

2fa Enterprise Server Security Vulnerabilities

cve

CVE-2019-17120

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately...

6.1CVSS

5.3AI Score

0.034EPSS

2019-10-17 07:15 PM

cve

CVE-2019-17117

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key...

8.8CVSS

9AI Score

0.009EPSS

2019-10-17 06:15 PM

cve

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or...

8.8CVSS

6.6AI Score

0.007EPSS

2019-10-17 06:15 PM