5 matches found
CVE-2019-17114
WiKID Systems 2FA Enterprise Server (up to 4.2.0-b2047) is affected by a stored and reflected XSS in the web interface. The vulnerability arises in /WiKIDAdmin/userPreregistration.jsp via the preRegistrationData parameter: a reflected XSS occurs after a .csv upload, and the malicious script is st...
CVE-2019-17115
CVE-2019-17115 concerns WiKID Systems 2FA Enterprise Server (through 4.2.0-b2047). The vulnerability is a stored cross-site scripting (XSS) in which the rendered_message field is retrieved and displayed unsanitized on Logs.jsp. An attacker can remotely populate rendered_message via multiple param...
CVE-2019-17119
CVE-2019-17119 affects WiKID Systems 2FA Enterprise Server. The vulnerability resides in Logs.jsp and allows authenticated users to execute arbitrary SQL commands via the source or subString parameters, with affected versions up to 4.2.0-b2053. Documented impacts include multi-statement SQL execu...
CVE-2019-16917
WiKID Enterprise 2FA Enterprise Server (up to 4.2.0-b2047) is affected by an SQL injection in searchDevices.jsp. The uid and domain parameters are unsanitized and used in a SQL query built in buildSearchWhereClause, enabling arbitrary SQL execution as described by multiple sources. Public details...
CVE-2019-17116
WiKID 2FA Enterprise Server (versions up to 4.2.0-b2047) is affected by a stored and reflected XSS vulnerability in /WiKIDAdmin/groups.jsp, where the groupName parameter triggers immediate reflected XSS after group creation and the script is stored for execution on subsequent visits. This CVE des...