Cross-site Scripting (XSS)

2021-03-2310:25:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

35.9%

JSON

pki-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript code in a user’s browser via the Token IDs from the Activity page.

CPENameOperatorVersion
pki-coreeq10.2.6__8.el7pki
pki-coreeq10.5.1__9.el7pki
pki-coreeq10.5.16__3.el7pki
pki-coreeq10.5.1__13.1.el7pki
pki-coreeq10.5.18__7.el7pki
pki-coreeq10.3.3__16.el7pki
pki-coreeq10.5.9__13.el7pki
pki-coreeq10.5.9__10.el7pki
pki-coreeq10.5.16__6.el7pki
pki-coreeq10.3.3__17.el7pki

Name	Operator	Version
pki-core	eq	10.2.6__8.el7pki
pki-core	eq	10.5.1__9.el7pki
pki-core	eq	10.5.16__3.el7pki
pki-core	eq	10.5.1__13.1.el7pki
pki-core	eq	10.5.18__7.el7pki
pki-core	eq	10.3.3__16.el7pki
pki-core	eq	10.5.9__13.el7pki
pki-core	eq	10.5.9__10.el7pki
pki-core	eq	10.5.16__6.el7pki
pki-core	eq	10.3.3__17.el7pki