Home

CVE-2020-25715

Description

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.476

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2021:0851) pki-core security and bug fix update pki-base-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-base-java-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-ca-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-javadoc-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-kra-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-server-10.5.18-12.el7_9.noarch.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-symkey-10.5.18-12.el7_9.x86_64.rpmLinux
(RHSA-2021:0851) pki-core security and bug fix update pki-tools-10.5.18-12.el7_9.x86_64.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-base-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-base-java-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-ca-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-javadoc-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-kra-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-server-10.5.18-12.el7_9.noarch.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-symkey-10.5.18-12.el7_9.x86_64.rpmLinux
(CESA-2021:0851) pki-core security and bug fix update pki-tools-10.5.18-12.el7_9.x86_64.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234