Description
A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
A flaw was found in pki-core's Token Processing Service (TPS), which did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Certificate System 10 | pki-core | Affected | | |
| Red Hat Certificate System 9.4 EUS | idm-console-framework | Fixed | RHSA-2021:0948 | 23.03.2021 |
| Red Hat Certificate System 9.4 EUS | pki-console | Fixed | RHSA-2021:0948 | 23.03.2021 |
| Red Hat Certificate System 9.4 EUS | pki-core | Fixed | RHSA-2021:0948 | 23.03.2021 |
| Red Hat Certificate System 9.4 EUS | redhat-pki-theme | Fixed | RHSA-2021:0948 | 23.03.2021 |
| Red Hat Certificate System 9.7 | pki-core | Fixed | RHSA-2021:0947 | 22.03.2021 |
| Red Hat Certificate System 9.7 | redhat-pki-theme | Fixed | RHSA-2021:0947 | 22.03.2021 |
Additional information
CVSS3: 4.6 Medium