CVE-2020-25715

Published: 28/05/2021 Updated: 08/06/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Vulnerable Product

dogtagpki dogtagpki 10.9.0

Vendor Advisories

Debian Bug report logs - #988153 CVE-2020-25715 Package: dogtag-pki; Maintainer for dogtag-pki is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Source for dogtag-pki is src:dogtag-pki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 6 May 2021 17:51:02 UTC Severit ...
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser (CVE-2019-10146). It was found that the Key Recovery Authority (KRA) Agent Se ...
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity ...