18 vulnerabilities by wikidsystems
CVE-2019-17120 (GCVE-0-2019-17120)
Vulnerability from cvelistv5 – Published: 2019-10-17 18:10 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17120",
"datePublished": "2019-10-17T18:10:16.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17119 (GCVE-0-2019-17119)
Vulnerability from cvelistv5 – Published: 2019-10-17 18:08 – Updated: 2024-08-05 01:33
Summary
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17119",
"datePublished": "2019-10-17T18:08:05.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17118 (GCVE-0-2019-17118)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:59 – Updated: 2024-08-05 01:33
Summary
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/ | x_refsource_MISC |
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/"
},
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17118",
"datePublished": "2019-10-17T17:59:50.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17117 (GCVE-0-2019-17117)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:50 – Updated: 2024-08-05 01:33
Summary
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17117",
"datePublished": "2019-10-17T17:50:11.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17116 (GCVE-0-2019-17116)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:47 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17116",
"datePublished": "2019-10-17T17:47:50.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17115 (GCVE-0-2019-17115)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:46 – Updated: 2024-08-05 01:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via:

(1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash

(2) S parameter to:
- /wikid/DomainData
- /wikid/PreRegisterLookup
- /wikid/PreRegister
- /wikid/InitDevice
- /wikid/servlet/InitDevice2S
- /wikid/servlet/InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice2S
- /servlet/com.wikidsystems.server.InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice4S
- /wikid/servlet/com.wikidsystems.server.InitDevice4AES
- /wikid/servlet/com.wikidsystems.server.InitDevice5AES

(3) a parameter to:
- /wikid/PreRegisterLookup
- /wikid/InitDevice
- /wikid/servlet/InitDevice2S
- /wikid/servlet/InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice2S
- /servlet/com.wikidsystems.server.InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice4S
- /wikid/servlet/com.wikidsystems.server.InitDevice4AES
- /wikid/servlet/com.wikidsystems.server.InitDevice5AES
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17115",
"datePublished": "2019-10-17T17:46:09.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17114 (GCVE-0-2019-17114)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:44 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17114",
"datePublished": "2019-10-17T17:44:18.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16917 (GCVE-0-2019-16917)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:42 – Updated: 2024-08-05 01:24
Summary
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16917",
"datePublished": "2019-10-17T17:42:46.000Z",
"dateReserved": "2019-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4763 (GCVE-0-2008-4763)
Vulnerability from cvelistv5 – Published: 2008-10-28 01:00 – Updated: 2024-08-07 10:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28740 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/4514 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/490768/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2008-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4763",
"datePublished": "2008-10-28T01:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17120 (GCVE-0-2019-17120)
Vulnerability from nvd – Published: 2019-10-17 18:10 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17120",
"datePublished": "2019-10-17T18:10:16.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17119 (GCVE-0-2019-17119)
Vulnerability from nvd – Published: 2019-10-17 18:08 – Updated: 2024-08-05 01:33
Summary
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17119",
"datePublished": "2019-10-17T18:08:05.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17118 (GCVE-0-2019-17118)
Vulnerability from nvd – Published: 2019-10-17 17:59 – Updated: 2024-08-05 01:33
Summary
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/ | x_refsource_MISC |
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/"
},
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17118",
"datePublished": "2019-10-17T17:59:50.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17117 (GCVE-0-2019-17117)
Vulnerability from nvd – Published: 2019-10-17 17:50 – Updated: 2024-08-05 01:33
Summary
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17117",
"datePublished": "2019-10-17T17:50:11.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17116 (GCVE-0-2019-17116)
Vulnerability from nvd – Published: 2019-10-17 17:47 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17116",
"datePublished": "2019-10-17T17:47:50.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17115 (GCVE-0-2019-17115)
Vulnerability from nvd – Published: 2019-10-17 17:46 – Updated: 2024-08-05 01:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via:
(1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash
(2) S parameter to:
- /wikid/DomainData
- /wikid/PreRegisterLookup
- /wikid/PreRegister
- /wikid/InitDevice
- /wikid/servlet/InitDevice2S
- /wikid/servlet/InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice2S
- /servlet/com.wikidsystems.server.InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice4S
- /wikid/servlet/com.wikidsystems.server.InitDevice4AES
- /wikid/servlet/com.wikidsystems.server.InitDevice5AES
(3) a parameter to:
- /wikid/PreRegisterLookup
- /wikid/InitDevice
- /wikid/servlet/InitDevice2S
- /wikid/servlet/InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice2S
- /servlet/com.wikidsystems.server.InitDevice3S
- /servlet/com.wikidsystems.server.InitDevice4S
- /wikid/servlet/com.wikidsystems.server.InitDevice4AES
- /wikid/servlet/com.wikidsystems.server.InitDevice5AES
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17115",
"datePublished": "2019-10-17T17:46:09.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17114 (GCVE-0-2019-17114)
Vulnerability from nvd – Published: 2019-10-17 17:44 – Updated: 2024-08-05 01:33
Summary
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17114",
"datePublished": "2019-10-17T17:44:18.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16917 (GCVE-0-2019-16917)
Vulnerability from nvd – Published: 2019-10-17 17:42 – Updated: 2024-08-05 01:24
Summary
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/wikid-2fa-en… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/35 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/154912/WiKID… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-19T17:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"name": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16917",
"datePublished": "2019-10-17T17:42:46.000Z",
"dateReserved": "2019-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4763 (GCVE-0-2008-4763)
Vulnerability from nvd – Published: 2008-10-28 01:00 – Updated: 2024-08-07 10:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28740 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/4514 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/490768/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2008-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28740"
},
{
"name": "4514",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4514"
},
{
"name": "wikid-wclient-phpself-xss(41791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41791"
},
{
"name": "20080411 WiKID wClient-PHP \u003c= 3.0-2 Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490768/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4763",
"datePublished": "2008-10-28T01:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}