Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10178

Опубликовано: 03 фев. 2020
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Certificate System 10pki-coreAffected
Red Hat Certificate System 9.4 EUSidm-console-frameworkFixedRHSA-2021:094823.03.2021
Red Hat Certificate System 9.4 EUSpki-consoleFixedRHSA-2021:094823.03.2021
Red Hat Certificate System 9.4 EUSpki-coreFixedRHSA-2021:094823.03.2021
Red Hat Certificate System 9.4 EUSredhat-pki-themeFixedRHSA-2021:094823.03.2021
Red Hat Certificate System 9.7pki-coreFixedRHSA-2021:094722.03.2021
Red Hat Certificate System 9.7redhat-pki-themeFixedRHSA-2021:094722.03.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1719042pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab

EPSS

Процентиль: 82%
0.01726
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-10178

CVSS3: 4.6
ubuntu
почти 6 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

nvd логотип

CVE-2019-10178

CVSS3: 4.6
nvd
почти 6 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

debian логотип

CVE-2019-10178

CVSS3: 4.6
debian
почти 6 лет назад

It was found that the Token Processing Service (TPS) did not properly ...

github логотип

GHSA-49c6-93gp-7jrp

CVSS3: 6.1
github
больше 3 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

EPSS

Процентиль: 82%
0.01726
Низкий

4.6 Medium

CVSS3