Lucene search
+L

73 matches found

CNVD
CNVD
added 2019/10/24 12:0 a.m.4 views

WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2019-43369)

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server 4.2.0-b2047 and prior versions. The vulnerability stems from a WEB application lacking proper authentication of client data...

6.1CVSS6.6AI score0.01659EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.8 views

WiKID Systems 2FA Enterprise Server Cross-Site Request Forgery Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site request forgery vulnerability exists in WiKID 2FA Enterprise Server version 4.2.0-b2053 and earlier. The vulnerability stems from a WEB application that does not adequately validate tha...

8.8CVSS7AI score0.00937EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.6 views

WiKID Systems 2FA Enterprise Server SQL Injection Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A SQL injection vulnerability exists in the processPref.jsp file in WiKID 2FA Enterprise Server 4.2.0-b2053 and prior versions. The vulnerability stems from a database-based application that lacks...

8.8CVSS8.3AI score0.01749EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.10 views

WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2019-43367)

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site scripting vulnerability exists in WiKID Systems 2FA Enterprise Server, which can be exploited by an attacker to inject malicious script or HTML code, which can be used to obtain sensiti...

6.1CVSS6AI score0.01659EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.5 views

WiKID Systems 2FA Enterprise Server searchDevices.jsp SQL Injection Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A SQL injection vulnerability exists in WiKID Systems 2FA Enterprise Server searchDevices.jsp, which can be exploited by an attacker to submit a specially crafted SQL request to manipulate a databas...

8.8CVSS8.3AI score0.02143EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.6 views

WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server 4.2.0-b2047 and prior versions. The vulnerability stems from a WEB application lacking proper authentication of client data...

6.1CVSS6.6AI score0.01659EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/18 12:0 a.m.3 views

WiKID Systems 2FA Enterprise Server SQL Injection Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A SQL injection vulnerability exists in the Logs.jsp file in WiKID 2FA Enterprise Server 4.2.0-b2053 and prior versions. The vulnerability stems from a lack of validation of externally entered SQL...

8.8CVSS8.4AI score0.01749EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2019/10/18 12:0 a.m.238 views

WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF

WiKID Systems 2FA Enterprise Serverversion 4.2.0-b2032 and earlier was found to be vulnerable to multiple Cross-Site Scripting, SQLi, and CSRF issues. searchDevices.jsp is vulnerable to SQL injection through the uid and domain parameters. The application uses Postgres which supports Stacked...

0.4AI score0.49955EPSS
Exploits10
CNVD
CNVD
added 2019/10/18 12:0 a.m.4 views

WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2019-43370)

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server 4.2.0-b2047 and prior versions. The vulnerability stems from a WEB application lacking proper authentication of client data...

6.1CVSS6.6AI score0.49955EPSS
Exploits3References1
NVD
NVD
added 2019/10/17 7:15 p.m.14 views

CVE-2019-17120

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...

6.1CVSS6AI score0.49955EPSS
Exploits3References3
OSV
OSV
added 2019/10/17 7:15 p.m.6 views

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

8.8CVSS7.6AI score0.01749EPSS
Exploits3References3
NVD
NVD
added 2019/10/17 7:15 p.m.17 views

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

8.8CVSS9.3AI score0.01749EPSS
Exploits3References3
OSV
OSV
added 2019/10/17 7:15 p.m.5 views

CVE-2019-17120

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...

6.1CVSS6.4AI score0.49955EPSS
Exploits3References3
Prion
Prion
added 2019/10/17 7:15 p.m.19 views

Cross site scripting

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...

4.3CVSS5.9AI score0.49955EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2019/10/17 7:15 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

6.5CVSS9.2AI score0.01749EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2019/10/17 6:15 p.m.4 views

CVE-2019-16917

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

8.8CVSS7.3AI score0.02143EPSS
Exploits3References3
NVD
NVD
added 2019/10/17 6:15 p.m.24 views

CVE-2019-17116

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...

6.1CVSS6AI score0.01659EPSS
Exploits3References3
OSV
OSV
added 2019/10/17 6:15 p.m.3 views

CVE-2019-17114

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

6.1CVSS5.8AI score0.01659EPSS
Exploits3References3
NVD
NVD
added 2019/10/17 6:15 p.m.21 views

CVE-2019-17114

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

6.1CVSS6AI score0.01659EPSS
Exploits3References3
NVD
NVD
added 2019/10/17 6:15 p.m.20 views

CVE-2019-16917

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

8.8CVSS8.9AI score0.02143EPSS
Exploits3References3
Rows per page
Query Builder