Stored Cross Site Scripting Vulnerability in pki-core by Red Hat
CVE-2019-10180

2.4LOW

Key Information:

Vendor: [unknown]
Status: Pki-core
Vendor: CVE Published:; 31 March 2020

What is CVE-2019-10180?

A vulnerability in pki-core 10.x.x versions has been identified, where the Token Processing Service (TPS) fails to adequately sanitize parameters stored for tokens. This flaw allows an attacker with the ability to modify token parameters to potentially exploit an authenticated user's session by executing arbitrary JavaScript code, leading to potential compromises in user data and security.

Affected Version(s)

pki-core all pki-core 10.x.x versions

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180

x_refsource_CONFIRM

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2020
Vulnerability Reserved
Mar 27, 2019

CVE-2019-10180 Data

JSON

[unknown]

What is CVE-2019-10180?

Affected Version(s)

References

CVSS V3.1

Timeline