cvelist / Redhat / CVELIST:CVE-2019-10180
History: Mar 31, 2020 - 4:31 p.m.

CVE-2019-10180

2020-03-31 16:31:52
CWE-79
redhat
www.cve.org

CVSS3: 2.4 Low

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

EPSS: 0.001 Low (Percentile: 22.7%)

A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross-Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

CNA Affected

[
  {
    "product": "pki-core",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "all pki-core 10.x.x versions"
      }
    ]
  }
]
