7 matches found
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17114
creationtimestamp| type| source ---|---|--- 2024-01-16 14:11:26+00:00| seen| https://t.me/ctinow/168807...
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF Vulnerabilities
WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. WiKID Systems 2FA Enterprise Serverversion 4.2.0-b2032 and earlier was found to be vulnerable to multiple Cross-Site Scripting, SQLi, an...
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF
WiKID Systems 2FA Enterprise Serverversion 4.2.0-b2032 and earlier was found to be vulnerable to multiple Cross-Site Scripting, SQLi, and CSRF issues. searchDevices.jsp is vulnerable to SQL injection through the uid and domain parameters. The application uses Postgres which supports Stacked...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17114
WiKID Systems 2FA Enterprise Server (up to 4.2.0-b2047) is affected by a stored and reflected XSS in the web interface. The vulnerability arises in /WiKIDAdmin/userPreregistration.jsp via the preRegistrationData parameter: a reflected XSS occurs after a .csv upload, and the malicious script is st...