Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-10180

Опубликовано: 31 мар. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 3.5
CVSS3: 2.4

Описание

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

eoan

ignored

end of life
esm-apps/bionic

needed

esm-apps/focal

needed

esm-apps/jammy

not-affected

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needed
groovy

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 74%
0.00825
Низкий

3.5 Low

CVSS2

2.4 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-10180

CVSS3: 2.4
redhat
около 6 лет назад

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

nvd логотип

CVE-2019-10180

CVSS3: 2.4
nvd
почти 6 лет назад

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

debian логотип

CVE-2019-10180

CVSS3: 2.4
debian
почти 6 лет назад

A vulnerability was found in all pki-core 10.x.x version, where the To ...

github логотип

GHSA-3r6g-5p5v-m39h

CVSS3: 4.8
github
больше 3 лет назад

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

EPSS

Процентиль: 74%
0.00825
Низкий

3.5 Low

CVSS2

2.4 Low

CVSS3