Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-10178

Опубликовано: 18 мар. 2020
Источник: ubuntu
Приоритет: low
CVSS2: 4.3
CVSS3: 4.6

Описание

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

eoan

ignored

end of life
esm-apps/bionic

needed

esm-apps/focal

needed

esm-apps/jammy

not-affected

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needed
groovy

not-affected

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

4.6 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-10178

CVSS3: 4.6
redhat
около 6 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

nvd логотип

CVE-2019-10178

CVSS3: 4.6
nvd
почти 6 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

debian логотип

CVE-2019-10178

CVSS3: 4.6
debian
почти 6 лет назад

It was found that the Token Processing Service (TPS) did not properly ...

github логотип

GHSA-49c6-93gp-7jrp

CVSS3: 6.1
github
больше 3 лет назад

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

4.3 Medium

CVSS2

4.6 Medium

CVSS3