Описание
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-4543
- https://bugzilla.redhat.com/show_bug.cgi?id=864397
- http://rhn.redhat.com/errata/RHSA-2012-1550.html
- http://rhn.redhat.com/errata/RHSA-2013-0511.html
- http://secunia.com/advisories/51482
- http://www.securityfocus.com/bid/56843
- http://www.securitytracker.com/id?1027846
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
ELSA-2013-0511: pki-core security, bug fix and enhancement update (MODERATE)