A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to and including 4.2.0-b2047 allow remote malicious users to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
wikidsystems 2fa enterprise server 3.4.85 |
||
wikidsystems 2fa enterprise server 3.4.87 |
||
wikidsystems 2fa enterprise server 3.5.0 |
||
wikidsystems 2fa enterprise server 4.0 |
||
wikidsystems 2fa enterprise server 4.0.1 |
||
wikidsystems 2fa enterprise server 4.1.0 |
||
wikidsystems 2fa enterprise server 4.2.0 |
||
wikidsystems 2fa enterprise server 3.6.0 |
||
wikidsystems 2fa enterprise server 4.0.2 |
||
wikidsystems 2fa enterprise server 3.4.81 |
Vulmon