DOM-Based XSS Vulnerability in pki-core by Red Hat
CVE-2020-25715

6.1 MEDIUM

Key Information:

Vendor: Dogtagpki

Status
Vendor
CVE Published: 28 May 2021

What is CVE-2020-25715?

A vulnerability exists in pki-core 10.9.0 that allows attackers to conduct DOM-based cross-site scripting (XSS) attacks. By crafting a malicious POST request, they can inject potentially harmful scripts into the search query form. This attack vector can lead to the execution of unauthorized code, posing significant risks to data integrity and users' security.

Affected Version(s)

pki-core pki-core 10.9.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
