Added |
CPE Configuration |
|
OR
*cpe:2.3:a:wikidsystems:two_factor_authentication_enterprise_server:*:*:*:*:*:*:*:* versions up to (including) 4.2.0-b2047 |
Added |
CVSS V2 |
|
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
Added |
CVSS V2 Metadata |
|
Victim must voluntarily interact with attack mechanism |
Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Added |
CWE |
|
NIST CWE-79 |
Changed |
Reference Type |
http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html No Types Assigned |
http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html Exploit, Third Party Advisory, VDB Entry |
Changed |
Reference Type |
http://seclists.org/fulldisclosure/2019/Oct/35 No Types Assigned |
http://seclists.org/fulldisclosure/2019/Oct/35 Exploit, Mailing List, Third Party Advisory |
Changed |
Reference Type |
https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting No Types Assigned |
https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting Exploit, Third Party Advisory |