ReportizFlow
Filtered by vendor Veridiumid
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44040 | 1 Veridiumid | 1 Veridiumad | 2025-04-24 | 6.1 Medium |
| In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate. | ||||
| CVE-2023-45552 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | 6.5 Medium |
| In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal. | ||||
| CVE-2023-44039 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | 9.1 Critical |
| In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account. | ||||
| CVE-2023-44038 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | 6.5 Medium |
| In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack. | ||||
| CVE-2021-42791 | 1 Veridiumid | 1 Veridiumad | 2024-11-21 | 7.3 High |
| An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate. | ||||
Page 1 of 1.