73 matches found
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...
CVE-2019-16917
WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
Cross site scripting
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
Sql injection
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...
Cross site request forgery (csrf)
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
Cross site scripting
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
Sql injection
WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...
CVE-2019-17120
The CVE-2019-17120 entry concerns a stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to version 4.2.0-b2047. The issue exists in /WiKIDAdmin/adm_usrs.jsp, where the usr parameter is vulnerable and the reflected XSS occurs immediately after user creat...
CVE-2019-17120
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...
CVE-2019-17119
CVE-2019-17119 affects WiKID Systems 2FA Enterprise Server. The vulnerability resides in Logs.jsp and allows authenticated users to execute arbitrary SQL commands via the source or subString parameters, with affected versions up to 4.2.0-b2053. Documented impacts include multi-statement SQL execu...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
CVE-2019-17118
WiKID Systems 2FA Enterprise Server (versions up to 4.2.0-b2053) has a CSRF vulnerability that can be exploited to coerce an authenticated user into performing unintended actions, including creating or deleting admin users, creating or deleting groups, and creating, deleting, enabling, or disabli...
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...