CVE-2019-10180

CWE-79 — Cross-site Scripting (XSS)8 documents7 sources

Severity

4.8MEDIUM

EPSS

0.8%

top 25.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dogtagpki Dogtagpki [unknown] Pki-core Redhat Certificate System

Timeline

PublishedMar 31

Latest updateMay 24

Description

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5[unknown]/pki-coreall pki-core 10.x.x versions

▶NVDdogtagpki/dogtagpki10.0 — 10.8.3

▶NVDredhat/certificate_system10.0

🔴Vulnerability Details

GHSA

GHSA-3r6g-5p5v-m39h: A vulnerability was found in all pki-core 10↗2022-05-24

▶

CVEList

CVE-2019-10180: A vulnerability was found in all pki-core 10↗2020-03-31

▶

OSV

CVE-2019-10180: A vulnerability was found in all pki-core 10↗2020-03-31

▶

📋Vendor Advisories

Red Hat

pki-core: unsanitized token parameters in TPS resulting in stored XSS↗2020-02-03

▶

Debian

CVE-2019-10180: dogtag-pki - A vulnerability was found in all pki-core 10.x.x version, where the Token Proces...↗2019

▶

💬Community

Bugzilla

CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS [fedora-all]↗2020-02-04

▶

Bugzilla

CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS↗2019-06-17

▶