CVE-2023-45552

In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...

EUVD-2023-49844

Malicious code in bioql PyPI...

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...

VeridiumID 安全漏洞

VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over a victim's account by registering its FIDO authenticator to that account...

VeridiumID 安全漏洞

VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to execute JavaScript in an environment where the victim was attempting to authenticate...