43 matches found
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
EUVD-2023-49844
Malicious code in bioql PyPI...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
PT-2024-13168 · Veridium · Veridiumid
Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0 Description: The issue allows an internal unauthenticated attacker, who can pass enrollment verifications and is allowed to enroll a FIDO key, to register their FIDO authenticator to a victim's account,...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...