CVE-2019-10179
Description
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
Risk Information
Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.451
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-base-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-base-java-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-ca-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-javadoc-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-kra-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-server-10.5.18-12.el7_9.noarch.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-symkey-10.5.18-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:0851) pki-core security and bug fix update pki-tools-10.5.18-12.el7_9.x86_64.rpm | Linux |
| Pki-base update (ELSA-2021-0851) pki-base-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-base-java update (ELSA-2021-0851) pki-base-java-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-ca update (ELSA-2021-0851) pki-ca-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-javadoc update (ELSA-2021-0851) pki-javadoc-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-kra update (ELSA-2021-0851) pki-kra-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-server update (ELSA-2021-0851) pki-server-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-symkey update (ELSA-2021-0851) pki-symkey-10.5.18-12.el7_9.x86_64.rpm | Linux |
| Pki-tools update (ELSA-2021-0851) pki-tools-10.5.18-12.el7_9.x86_64.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-base-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-base-java-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-ca-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-javadoc-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-kra-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-server-10.5.18-12.el7_9.noarch.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-symkey-10.5.18-12.el7_9.x86_64.rpm | Linux |
| (CESA-2021:0851) pki-core security and bug fix update pki-tools-10.5.18-12.el7_9.x86_64.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| Apache-commons-collections update (ELSA-2020-4847) apache-commons-collections-3.2.2-10.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Apache-commons-lang update (ELSA-2020-4847) apache-commons-lang-2.6-21.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Apache-commons-net update (ELSA-2020-4847) apache-commons-net-3.6-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Bea-stax-api update (ELSA-2020-4847) bea-stax-api-1.2.0-16.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-fastinfoset update (ELSA-2020-4847) glassfish-fastinfoset-1.2.13-9.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-api update (ELSA-2020-4847) glassfish-jaxb-api-2.2.12-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-core update (ELSA-2020-4847) glassfish-jaxb-core-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-runtime update (ELSA-2020-4847) glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-txw2 update (ELSA-2020-4847) glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-annotations update (ELSA-2020-4847) jackson-annotations-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-core update (ELSA-2020-4847) jackson-core-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-databind update (ELSA-2020-4847) jackson-databind-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-jaxrs-json-provider update (ELSA-2020-4847) jackson-jaxrs-json-provider-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-jaxrs-providers update (ELSA-2020-4847) jackson-jaxrs-providers-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-module-jaxb-annotations update (ELSA-2020-4847) jackson-module-jaxb-annotations-2.7.6-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jakarta-commons-httpclient update (ELSA-2020-4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Javassist update (ELSA-2020-4847) javassist-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Javassist-javadoc update (ELSA-2020-4847) javassist-javadoc-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jss update (ELSA-2020-4847) jss-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Jss-javadoc update (ELSA-2020-4847) jss-javadoc-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Ldapjdk update (ELSA-2020-4847) ldapjdk-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Ldapjdk-javadoc update (ELSA-2020-4847) ldapjdk-javadoc-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-base update (ELSA-2020-4847) pki-base-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-base-java update (ELSA-2020-4847) pki-base-java-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-ca update (ELSA-2020-4847) pki-ca-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-kra update (ELSA-2020-4847) pki-kra-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-server update (ELSA-2020-4847) pki-server-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-servlet-4.0-api update (ELSA-2020-4847) pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Pki-servlet-engine update (ELSA-2020-4847) pki-servlet-engine-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Pki-symkey update (ELSA-2020-4847) pki-symkey-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Pki-tools update (ELSA-2020-4847) pki-tools-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Python-nss-doc update (ELSA-2020-4847) python-nss-doc-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux |
| Python3-nss update (ELSA-2020-4847) python3-nss-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux |
| Python3-pki update (ELSA-2020-4847) python3-pki-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| RelaxngDatatype update (ELSA-2020-4847) relaxngDatatype-2011.1-7.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Resteasy update (ELSA-2020-4847) resteasy-3.0.26-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Slf4j update (ELSA-2020-4847) slf4j-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Slf4j-jdk14 update (ELSA-2020-4847) slf4j-jdk14-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Stax-ex update (ELSA-2020-4847) stax-ex-1.7.7-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Tomcatjss update (ELSA-2020-4847) tomcatjss-7.5.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Velocity update (ELSA-2020-4847) velocity-1.7-24.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xalan-j2 update (ELSA-2020-4847) xalan-j2-2.7.1-38.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xerces-j2 update (ELSA-2020-4847) xerces-j2-2.11.0-34.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xml-commons-apis update (ELSA-2020-4847) xml-commons-apis-1.4.01-25.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xml-commons-resolver update (ELSA-2020-4847) xml-commons-resolver-1.2-26.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xmlstreambuffer update (ELSA-2020-4847) xmlstreambuffer-1.5.4-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xsom update (ELSA-2020-4847) xsom-0-19.20110809svn.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234