Lucene search
+L

73 matches found

CVE
CVE
added 2019/10/17 5:50 p.m.62 views

CVE-2019-17117

CVE-2019-17117 concerns a SQL injection in WiKID 2FA Enterprise Server (via processPref.jsp) up to version 4.2.0-b2053. An authenticated user can execute arbitrary SQL commands by supplying a crafted value for the key parameter, exploiting the lack of input validation in processPref.jsp. The vuln...

8.8CVSS9AI score0.01749EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/10/17 5:47 p.m.14 views

CVE-2019-17116

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...

6AI score0.01659EPSS
Exploits3References3
CVE
CVE
added 2019/10/17 5:47 p.m.54 views

CVE-2019-17116

WiKID 2FA Enterprise Server (versions up to 4.2.0-b2047) is affected by a stored and reflected XSS vulnerability in /WiKIDAdmin/groups.jsp, where the groupName parameter triggers immediate reflected XSS after group creation and the script is stored for execution on subsequent visits. This CVE des...

6.1CVSS5.9AI score0.01659EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/10/17 5:46 p.m.59 views

CVE-2019-17115

CVE-2019-17115 concerns WiKID Systems 2FA Enterprise Server (through 4.2.0-b2047). The vulnerability is a stored cross-site scripting (XSS) in which the rendered_message field is retrieved and displayed unsanitized on Logs.jsp. An attacker can remotely populate rendered_message via multiple param...

6.1CVSS6AI score0.01659EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/10/17 5:44 p.m.19 views

CVE-2019-17114

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

6AI score0.01659EPSS
Exploits3References3
CVE
CVE
added 2019/10/17 5:44 p.m.60 views

CVE-2019-17114

WiKID Systems 2FA Enterprise Server (up to 4.2.0-b2047) is affected by a stored and reflected XSS in the web interface. The vulnerability arises in /WiKIDAdmin/userPreregistration.jsp via the preRegistrationData parameter: a reflected XSS occurs after a .csv upload, and the malicious script is st...

6.1CVSS5.9AI score0.01659EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/10/17 5:42 p.m.57 views

CVE-2019-16917

WiKID Enterprise 2FA Enterprise Server (up to 4.2.0-b2047) is affected by an SQL injection in searchDevices.jsp. The uid and domain parameters are unsanitized and used in a SQL query built in buildSearchWhereClause, enabling arbitrary SQL execution as described by multiple sources. Public details...

8.8CVSS8.9AI score0.02143EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/10/17 5:42 p.m.22 views

CVE-2019-16917

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

9AI score0.02143EPSS
Exploits3References3
NVD
NVD
added 2008/10/28 2:3 a.m.19 views

CVE-2008-4763

Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...

4.3CVSS5.8AI score0.01033EPSS
Exploits0References4
Prion
Prion
added 2008/10/28 2:3 a.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/10/28 1:0 a.m.23 views

CVE-2008-4763

Multiple cross-site scripting XSS vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHPSELF variable...

5.8AI score0.01033EPSS
Exploits0References4
CVE
CVE
added 2008/10/28 1:0 a.m.43 views

CVE-2008-4763

CVE-2008-4763 describes multiple cross-site scripting (XSS) vulnerabilities in the sample.php of WiKID wClient-PHP 3.0-2 and earlier, allowing remote attackers to inject arbitrary scripts via the PHP_SELF variable. Affected software: WiKID wClient-PHP 3.0-2 and earlier. Underlying cause: unsaniti...

4.3CVSS5.8AI score0.01033EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2008/04/14 12:0 a.m.63 views

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities

WiKID wClient-PHP = 3.0-2 Multiple XSS Vulnerabilities Name Multiple Vulnerabilities in wClient-PHP Systems Affected wClient-PHP 3.0-2 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:C/I:N/A:N Vendor http://www.wikidsystems.com/ Advisory...

0.1AI score
Exploits0
Rows per page
Query Builder