Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2020-25715

Related Vulnerabilities: CVE-2020-25715  

A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Source

Description

A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Mitigation

Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.

Additional Information

  • Bugzilla 1891016: CVE-2020-25715 pki-core: XSS in the certificate search results
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • FAQ: Frequently asked questions about CVE-2020-25715

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started