6 matches found
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
EUVD-2023-49844
Malicious code in bioql PyPI...
CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting XSS vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
VeridiumID 安全漏洞
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to execute JavaScript in an environment where the victim was attempting to authenticate...
VeridiumID 安全漏洞
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over a victim's account by registering its FIDO authenticator to that account...