Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2019-17120
HistoryOct 17, 2019 - 7:15 p.m.

CVE-2019-17120

2019-10-1719:15:10
CWE-79
mitre
web.nvd.nist.gov
35
cve-2019-17120
wikid
2fa
enterprise server
xss
vulnerability
remote code execution
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.012

Percentile

85.4%

JSON

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.

Affected configurations

Nvd
Node
wikidsystems2fa_enterprise_serverMatch3.4.81b676
OR
wikidsystems2fa_enterprise_serverMatch3.4.85b780
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b1092
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b1159
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b1169
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b1216
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b824
OR
wikidsystems2fa_enterprise_serverMatch3.4.87b839
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1342
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1352
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1359
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1373
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1403
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1411
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1421
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1428
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1438
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1472
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1542
OR
wikidsystems2fa_enterprise_serverMatch3.5.0b1580
OR
wikidsystems2fa_enterprise_serverMatch3.6.0b1659
OR
wikidsystems2fa_enterprise_serverMatch3.6.0b1672
OR
wikidsystems2fa_enterprise_serverMatch4.0b1787
OR
wikidsystems2fa_enterprise_serverMatch4.0b1798
OR
wikidsystems2fa_enterprise_serverMatch4.0b1803
OR
wikidsystems2fa_enterprise_serverMatch4.0.1b1817
OR
wikidsystems2fa_enterprise_serverMatch4.0.1b1821
OR
wikidsystems2fa_enterprise_serverMatch4.0.1b1905
OR
wikidsystems2fa_enterprise_serverMatch4.0.1b1906
OR
wikidsystems2fa_enterprise_serverMatch4.0.2b1917
OR
wikidsystems2fa_enterprise_serverMatch4.0.2b1921
OR
wikidsystems2fa_enterprise_serverMatch4.1.0b1926
OR
wikidsystems2fa_enterprise_serverMatch4.1.0b1941
OR
wikidsystems2fa_enterprise_serverMatch4.1.0b1949
OR
wikidsystems2fa_enterprise_serverMatch4.1.0b1955
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b1978
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b1981
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b1984
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2007
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2014
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2016
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2020
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2023
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2028
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2032
OR
wikidsystems2fa_enterprise_serverMatch4.2.0b2047
VendorProductVersionCPE
wikidsystems2fa_enterprise_server3.4.81cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.81:b676:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.85cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.85:b780:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1092:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1159:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1169:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1216:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b824:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.4.87cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b839:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.5.0cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1342:*:*:*:*:*:*
wikidsystems2fa_enterprise_server3.5.0cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1352:*:*:*:*:*:*
Rows per page:
1-10 of 461

Related

nvd 1
cvelist 1
prion 1
zdt 1
packetstorm 1
nvd
nvd
CVE-2019-17120
2019-10-17 19:15:10
cvelist
cvelist
CVE-2019-17120
2019-10-17 18:10:16
prion
prion
Cross site scripting
2019-10-17 19:15:00
zdt
zdt
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF Vulnerabilities
2019-10-22 00:00:00
packetstorm
packetstorm
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF
2019-10-18 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.012

Percentile

85.4%

JSON
Related for CVE-2019-17120
nvd1cvelist1prion1zdt1packetstorm1