Stored Cross-Site Scripting in PKI Core Token Processing Service
CVE-2020-1696
4.6 MEDIUM
What is CVE-2020-1696?
A security flaw in all versions of pki-core 10.x.x allows stored Cross-Site Scripting (XSS) through the Token Processing Service (TPS). The vulnerability arises from insufficient sanitization of the Profile IDs used in the service, which lets attackers with adequate permissions manipulate authenticated users into executing hostile JavaScript code. The risks include unauthorized data access and compromise of user accounts.
Affected Version(s)
pki-core: all pki-core 10.x.x versions
