11 matches found
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
WiKID Systems 2FA Enterprise Server SQL Injection Vulnerability
WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A SQL injection vulnerability exists in the Logs.jsp file in WiKID 2FA Enterprise Server 4.2.0-b2053 and prior versions. The vulnerability stems from a lack of validation of externally entered SQL...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
Sql injection
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2019-17119
CVE-2019-17119 affects WiKID Systems 2FA Enterprise Server. The vulnerability resides in Logs.jsp and allows authenticated users to execute arbitrary SQL commands via the source or subString parameters, with affected versions up to 4.2.0-b2053. Documented impacts include multi-statement SQL execu...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
CVE-2019-17115
CVE-2019-17115 concerns WiKID Systems 2FA Enterprise Server (through 4.2.0-b2047). The vulnerability is a stored cross-site scripting (XSS) in which the rendered_message field is retrieved and displayed unsanitized on Logs.jsp. An attacker can remotely populate rendered_message via multiple param...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...