Vulnerabilities > Vasco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2015-7349 | Cross-site Scripting vulnerability in Vasco Digipass Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | 4.3 |
| 2014-01-13 | CVE-2013-7292 | Improper Authentication vulnerability in Vasco Identikey Authentication Server 3.4 VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password. | 3.5 |