CVE-2019-17119
- EPSS 0.63%
- Veröffentlicht 17.10.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:43
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
CVE-2019-16917
- EPSS 0.66%
- Veröffentlicht 17.10.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:20
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the build...
CVE-2019-17114
- EPSS 1.04%
- Veröffentlicht 17.10.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:43
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData paramet...
CVE-2019-17115
- EPSS 1.04%
- Veröffentlicht 17.10.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:43
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved ...
CVE-2019-17116
- EPSS 1.04%
- Veröffentlicht 17.10.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:43
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the re...