CVE-2020-1696
Description
A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.367
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Pki-base update (ELSA-2021-0851) pki-base-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-base-java update (ELSA-2021-0851) pki-base-java-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-ca update (ELSA-2021-0851) pki-ca-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-javadoc update (ELSA-2021-0851) pki-javadoc-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-kra update (ELSA-2021-0851) pki-kra-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-server update (ELSA-2021-0851) pki-server-10.5.18-12.el7_9.noarch.rpm | Linux |
| Pki-symkey update (ELSA-2021-0851) pki-symkey-10.5.18-12.el7_9.x86_64.rpm | Linux |
| Pki-tools update (ELSA-2021-0851) pki-tools-10.5.18-12.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234