← Back

CVE-2019-17120

nvd nist
Published: Oct 17, 2019Modified: Jun 17, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.

Affected (46)

Wikidsystems
1 product
2fa Enterprise Server
Configuration A
46 vulnerable
Vulnerable SoftwareAffected Versions
Wikidsystems
2fa Enterprise Server
Version 3.4.81 b676
2fa Enterprise Server
Version 3.4.85 b780
2fa Enterprise Server
Version 3.4.87 b1092
2fa Enterprise Server
Version 3.4.87 b1159
2fa Enterprise Server
Version 3.4.87 b1169
2fa Enterprise Server
Version 3.4.87 b1216
2fa Enterprise Server
Version 3.4.87 b824
2fa Enterprise Server
Version 3.4.87 b839
2fa Enterprise Server
Version 3.5.0 b1342
2fa Enterprise Server
Version 3.5.0 b1352
2fa Enterprise Server
Version 3.5.0 b1359
2fa Enterprise Server
Version 3.5.0 b1373
2fa Enterprise Server
Version 3.5.0 b1403
2fa Enterprise Server
Version 3.5.0 b1411
2fa Enterprise Server
Version 3.5.0 b1421
2fa Enterprise Server
Version 3.5.0 b1428
2fa Enterprise Server
Version 3.5.0 b1438
2fa Enterprise Server
Version 3.5.0 b1472
2fa Enterprise Server
Version 3.5.0 b1542
2fa Enterprise Server
Version 3.5.0 b1580
2fa Enterprise Server
Version 3.6.0 b1659
2fa Enterprise Server
Version 3.6.0 b1672
2fa Enterprise Server
Version 4.0.1 b1817
2fa Enterprise Server
Version 4.0.1 b1821
2fa Enterprise Server
Version 4.0.1 b1905
2fa Enterprise Server
Version 4.0.1 b1906
2fa Enterprise Server
Version 4.0.2 b1917
2fa Enterprise Server
Version 4.0.2 b1921
2fa Enterprise Server
Version 4.0 b1787
2fa Enterprise Server
Version 4.0 b1798
2fa Enterprise Server
Version 4.0 b1803
2fa Enterprise Server
Version 4.1.0 b1926
2fa Enterprise Server
Version 4.1.0 b1941
2fa Enterprise Server
Version 4.1.0 b1949
2fa Enterprise Server
Version 4.1.0 b1955
2fa Enterprise Server
Version 4.2.0 b1978
2fa Enterprise Server
Version 4.2.0 b1981
2fa Enterprise Server
Version 4.2.0 b1984
2fa Enterprise Server
Version 4.2.0 b2007
2fa Enterprise Server
Version 4.2.0 b2014
2fa Enterprise Server
Version 4.2.0 b2016
2fa Enterprise Server
Version 4.2.0 b2020
2fa Enterprise Server
Version 4.2.0 b2023
2fa Enterprise Server
Version 4.2.0 b2028
2fa Enterprise Server
Version 4.2.0 b2032
2fa Enterprise Server
Version 4.2.0 b2047

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.