Published: 20/03/2020 Updated: 12/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux 7.0
redhat enterprise linux 8.0
dogtagpki dogtagpki

Synopsis Moderate: pki-core:106 and pki-deps:106 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the pki-core:106 and pki-deps:106 modules is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page An attacker could inject a specially crafted value that will be executed on the victim's browser (CVE-2019-10146) It was found that the Key Recovery Authority (KRA) Agent Se ...

CWE-79 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:4847 https://alas.aws.amazon.com/AL2/ALAS-2021-1630.html

CVE-2019-10179

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect