108 matches found
DEBIAN-CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service TPS did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS vulnerability. An attacker able to modify the parameters of any token could...
CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service TPS did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS vulnerability. An attacker able to modify the parameters of any token could...
Cross site scripting
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service TPS did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS vulnerability. An attacker able to modify the parameters of any token could...
UBUNTU-CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service TPS did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS vulnerability. An attacker able to modify the parameters of any token could...
CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service TPS did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS vulnerability. An attacker able to modify the parameters of any token could...
CVE-2019-10180
The CVE-2019-10180 issue affects all pki-core 10.x.x versions where the Token Processing Service (TPS) unsafely stored or sanitized token parameters, enabling Stored XSS. The root cause is improper sanitization of several parameters stored for tokens, allowing an attacker who can modify token par...
PT-2020-9057 · Pki-Core +1 · Pki-Core +1
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x Description: A vulnerability was found in the Token Processing Service TPS where it did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting XSS...
DEBIAN-CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
Cross site scripting
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
UBUNTU-CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
CVE-2020-1696
CVE-2020-1696 affects all pki-core 10.x.x versions where the Token Processing Service (TPS) fails to sanitize Profile IDs, enabling Stored XSS when the profile ID is printed. The issue is described as Stored XSS in TPS profile creation/Activity tab across Red Hat advisory references, with an atta...
CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated...
PT-2020-14898 · Red Hat +1 · Pki-Core +1
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x Description: A flaw was found in the Token Processing Service TPS where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting XSS vulnerability when the profile ID is printed. An attacker wi...
pki-core cross-site scripting vulnerability
pki-core is a library that provides an API for PKI operations. A cross-site scripting vulnerability exists in the Token Processing Service TPS of pki-core. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit the...
CVE-2019-10178
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
DEBIAN-CVE-2019-10178
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
CVE-2019-10178
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
UBUNTU-CVE-2019-10178
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
Cross site scripting
It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...