Published: 31/03/2020 Updated: 12/02/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dogtagpki dogtagpki
redhat certificate system 10.0

Debian Bug report logs - #1014855 dogtag-pki: CVE-2019-10180 Package: src:dogtag-pki; Maintainer for src:dogtag-pki is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 13 Jul 2022 09:27:04 UTC Severity: important Tags: security Reply or ...

CWE-79 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014855 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10180

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect