43 matches found
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
EUVD-2023-49844
Malicious code in bioql PyPI...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
VeridiumID 安全漏洞
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to execute JavaScript in an environment where the victim was attempting to authenticate...
VeridiumID 安全漏洞
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over a victim's account by registering its FIDO authenticator to that account...
PT-2024-13251 · Veridium · Veridiumid
Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0 Description: A stored cross-site scripting issue has been found in the admin portal of the affected software. This allows an authenticated attacker to potentially take over all accounts by sending malicious...