CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

Cross site scripting

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

PrimeKey EJBCA 跨站脚本漏洞

PrimeKey EJBCA is a full-featured CA system software from PrimeKey Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation, and other functions to achieve access security. A security vulnerability exists in PrimeKey EJBCA version 7.9.0.2...

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community is affected by CVE-2022-40711, a stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload targeting higher-privilege users. Public remediations/patch version not specified in the provided sources. Exploitation details a...

PT-2023-13896 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA version 7.9.0.2 Community Description: The issue allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users. Recommendations: For PrimeKey EJBCA...

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

CVE-2022-39834

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

CVE-2022-39834

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

Cross site scripting

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

CVE-2022-39834

CVE-2022-39834 describes a stored cross-site scripting vulnerability in PrimeKey EJBCA, specifically in adminweb/ra/viewendentity.jsp, affecting versions up to 7.9.0.2. A low-privilege user can store JavaScript to be executed in the context of a higher-privilege user. The connected documents conf...

CVE-2022-39834

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

CVE-2022-39834

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

PT-2022-25025 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions through 7.9.0.2 Description: A stored XSS issue was found in the adminweb/ra/viewendentity.jsp file. This allows a low-privilege user to store JavaScript, potentially exploiting a higher-privilege user. Recommendations...

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

Input validation

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

CVE-2022-34831

Keyfactor PrimeKey EJBCA (before 7.9.0) is vulnerable to an ACME-related issue where, after DNS identifiers are validated in the ACME challenge, a non‑compliant client can add extra dnsNames in the CSR at finalize, causing EJBCA to issue a certificate containing unvalidated identifiers. This bypa...

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...