Description


A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

References


https://bugzilla.redhat.com/show_bug.cgi?id=1891016

Exploit, Issue Tracking, Patch, Third Party Advisory

Weaknesses



CWE-79



CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium


Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-05-28T11:15:07.640


Last modified

2021-06-08T02:10:20.387
