CVE-2019-10180
Last modified
CVE-2019-10180 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dogtagpki | Dogtagpki | >= 10.0, <= 10.8.3 |
| Redhat | Certificate System | 10.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180Issue Tracking, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10180?
How severe is CVE-2019-10180?
How do I fix CVE-2019-10180?
Are you affected by CVE-2019-10180?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST