0.001 Low
EPSS
Percentile
35.9%
pki-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript code in a user’s browser via the Token IDs from the Activity page.
access.redhat.com/errata/RHSA-2021:0947
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1719042
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10178