Lucene search
+L

73 matches found

nvd
nvd
added 2019/10/17 6:15 p.m.20 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...

8.8CVSS8.6AI score0.00937EPSS
Exploits3References4
nvd
nvd
added 2019/10/17 6:15 p.m.14 views

CVE-2019-17117

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...

8.8CVSS9AI score0.01749EPSS
Exploits3References3
osv
osv
added 2019/10/17 6:15 p.m.6 views

CVE-2019-17115

Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...

6.1CVSS6.4AI score0.01659EPSS
Exploits3References3
osv
osv
added 2019/10/17 6:15 p.m.3 views

CVE-2019-17117

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...

8.8CVSS7.6AI score0.01749EPSS
Exploits3References3
osv
osv
added 2019/10/17 6:15 p.m.3 views

CVE-2019-16917

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

8.8CVSS7.3AI score0.02143EPSS
Exploits3References3
osv
osv
added 2019/10/17 6:15 p.m.5 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...

8.8CVSS7.3AI score0.00937EPSS
Exploits3References4
nvd
nvd
added 2019/10/17 6:15 p.m.21 views

CVE-2019-17114

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

6.1CVSS6AI score0.01659EPSS
Exploits3References3
prion
prion
added 2019/10/17 6:15 p.m.25 views

Cross site scripting

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...

4.3CVSS5.9AI score0.01659EPSS
Exploits3References3Affected Software1
prion
prion
added 2019/10/17 6:15 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...

4.3CVSS6AI score0.01659EPSS
Exploits3References3Affected Software1
prion
prion
added 2019/10/17 6:15 p.m.13 views

Sql injection

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...

6.5CVSS9AI score0.01749EPSS
Exploits3References3Affected Software1
prion
prion
added 2019/10/17 6:15 p.m.15 views

Cross site request forgery (csrf)

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...

6.8CVSS8.5AI score0.00937EPSS
Exploits3References4Affected Software1
prion
prion
added 2019/10/17 6:15 p.m.17 views

Cross site scripting

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

4.3CVSS5.9AI score0.01659EPSS
Exploits3References3Affected Software1
prion
prion
added 2019/10/17 6:15 p.m.18 views

Sql injection

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

6.5CVSS8.9AI score0.02143EPSS
Exploits3References3Affected Software1
cve
cve
added 2019/10/17 6:10 p.m.58 views

CVE-2019-17120

The CVE-2019-17120 entry concerns a stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to version 4.2.0-b2047. The issue exists in /WiKIDAdmin/adm_usrs.jsp, where the usr parameter is vulnerable and the reflected XSS occurs immediately after user creat...

6.1CVSS5.9AI score0.49955EPSS
Exploits3References3Affected Software1
cvelist
cvelist
added 2019/10/17 6:10 p.m.18 views

CVE-2019-17120

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...

6AI score0.49955EPSS
Exploits3References3
cve
cve
added 2019/10/17 6:8 p.m.57 views

CVE-2019-17119

CVE-2019-17119 affects WiKID Systems 2FA Enterprise Server. The vulnerability resides in Logs.jsp and allows authenticated users to execute arbitrary SQL commands via the source or subString parameters, with affected versions up to 4.2.0-b2053. Documented impacts include multi-statement SQL execu...

8.8CVSS9.2AI score0.01749EPSS
Exploits3References3Affected Software1
cvelist
cvelist
added 2019/10/17 6:8 p.m.19 views

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

9.3AI score0.01749EPSS
Exploits3References3
cvelist
cvelist
added 2019/10/17 5:59 p.m.24 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...

8.6AI score0.00937EPSS
Exploits3References4
cve
cve
added 2019/10/17 5:59 p.m.62 views

CVE-2019-17118

WiKID Systems 2FA Enterprise Server (versions up to 4.2.0-b2053) has a CSRF vulnerability that can be exploited to coerce an authenticated user into performing unintended actions, including creating or deleting admin users, creating or deleting groups, and creating, deleting, enabling, or disabli...

8.8CVSS8.4AI score0.00937EPSS
Exploits3References4Affected Software1
cvelist
cvelist
added 2019/10/17 5:50 p.m.15 views

CVE-2019-17117

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...

9.1AI score0.01749EPSS
Exploits3References3
Rows per page
Query Builder