Lucene search
PRIOn knowledge basePRION:CVE-2020-1696HistoryMar 20, 2020 - 3:15 p.m.
Cross site scripting
2020-03-2015:15:00
PRIOn knowledge base
www.prio-n.com
3
0.001 Low
EPSS
Percentile
22.7%
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dogtagpki | ge | 10.0 | |
| dogtagpki | le | 10.8.3 | |
| certificate_system | eq | 9.0 | |
| certificate_system | eq | 10.0 |
Related
cvelist
cvelist
CVE-2020-1696
2020-03-20 13:58:49
cve
cve
CVE-2020-1696
2020-03-20 15:15:13
redhatcve
redhatcve
CVE-2020-1696
2020-02-04 11:17:27
ubuntucve
ubuntucve
CVE-2020-1696
2020-03-20 00:00:00
debiancve
debiancve
CVE-2020-1696
2020-03-20 15:15:13
veracode
veracode
Cross-Site Scripting (XSS)
2021-03-23 10:25:54
osv
osv
CVE-2020-1696
2020-03-20 15:15:13
nvd
nvd
CVE-2020-1696
2020-03-20 15:15:13
redhat
redhat
nessus
nessus
RHEL 7 : pki-core and redhat-pki-theme (RHSA-2021:0947)
2024-04-27 00:00:00
oraclelinux
oraclelinux
pki-core security and bug fix update
2021-03-17 00:00:00