CVE-2019-10180

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Published: Mar 31, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-10180
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
dogtagpki / dogtagpki	10.0	10.8.3.x
redhat / certificate_system	10.0	10.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180

Vulnerability Database

289,697

CVE-2019-10180