73 matches found
CVE-2019-17117
CVE-2019-17117 concerns a SQL injection in WiKID 2FA Enterprise Server (via processPref.jsp) up to version 4.2.0-b2053. An authenticated user can execute arbitrary SQL commands by supplying a crafted value for the key parameter, exploiting the lack of input validation in processPref.jsp. The vuln...
CVE-2019-17116
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
CVE-2019-17116
WiKID 2FA Enterprise Server (versions up to 4.2.0-b2047) is affected by a stored and reflected XSS vulnerability in /WiKIDAdmin/groups.jsp, where the groupName parameter triggers immediate reflected XSS after group creation and the script is stored for execution on subsequent visits. This CVE des...
CVE-2019-17115
CVE-2019-17115 concerns WiKID Systems 2FA Enterprise Server (through 4.2.0-b2047). The vulnerability is a stored cross-site scripting (XSS) in which the rendered_message field is retrieved and displayed unsanitized on Logs.jsp. An attacker can remotely populate rendered_message via multiple param...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17114
WiKID Systems 2FA Enterprise Server (up to 4.2.0-b2047) is affected by a stored and reflected XSS in the web interface. The vulnerability arises in /WiKIDAdmin/userPreregistration.jsp via the preRegistrationData parameter: a reflected XSS occurs after a .csv upload, and the malicious script is st...
CVE-2019-16917
WiKID Enterprise 2FA Enterprise Server (up to 4.2.0-b2047) is affected by an SQL injection in searchDevices.jsp. The uid and domain parameters are unsanitized and used in a SQL query built in buildSearchWhereClause, enabling arbitrary SQL execution as described by multiple sources. Public details...
CVE-2019-16917
WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...
CVE-2008-4763
Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...
CVE-2008-4763
Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...
CVE-2008-4763
CVE-2008-4763 describes multiple cross-site scripting (XSS) vulnerabilities in the sample.php of WiKID wClient-PHP 3.0-2 and earlier, allowing remote attackers to inject arbitrary scripts via the PHP_SELF variable. Affected software: WiKID wClient-PHP 3.0-2 and earlier. Underlying cause: unsaniti...
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities
WiKID wClient-PHP = 3.0-2 Multiple XSS Vulnerabilities Name Multiple Vulnerabilities in wClient-PHP Systems Affected wClient-PHP 3.0-2 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:C/I:N/A:N Vendor http://www.wikidsystems.com/ Advisory...