Reflected Cross-Site Scripting Vulnerability in pki-core by Red Hat
CVE-2020-1721
6.1MEDIUM
What is CVE-2020-1721?
A vulnerability exists in the Key Recovery Authority (KRA) Agent Service of pki-core 10.10.5, where insufficient sanitization of the recovery ID in key recovery requests can lead to reflected cross-site scripting scenarios. This flaw can be exploited by an attacker to deceive an authenticated user into executing malicious JavaScript code, potentially compromising user data and session security.
Affected Version(s)
pki-core pki-core 10.10.5
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved