CVE-2019-10178
Description
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the Activity page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.726
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Pki-base update (ELSA-2021-0851) pki-base-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-base-java update (ELSA-2021-0851) pki-base-java-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-ca update (ELSA-2021-0851) pki-ca-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-javadoc update (ELSA-2021-0851) pki-javadoc-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-kra update (ELSA-2021-0851) pki-kra-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-server update (ELSA-2021-0851) pki-server-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-symkey update (ELSA-2021-0851) pki-symkey-10.5.18-12.el7_9.x86_64.rpm | Linux |
| Pki-tools update (ELSA-2021-0851) pki-tools-10.5.18-12.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234