CVE-2022-39834

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...

PrimeKey EJBCA 跨站脚本漏洞

PrimeKey EJBCA is a full-featured CA system software from PrimeKey Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation and other functions to achieve access security. A cross-site scripting vulnerability exists in versions of PrimeKe...

CVE-2022-39834

CVE-2022-39834 describes a stored cross-site scripting vulnerability in PrimeKey EJBCA, specifically in adminweb/ra/viewendentity.jsp, affecting versions up to 7.9.0.2. A low-privilege user can store JavaScript to be executed in the context of a higher-privilege user. The connected documents conf...

PT-2022-25025 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions through 7.9.0.2 Description: A stored XSS issue was found in the adminweb/ra/viewendentity.jsp file. This allows a low-privilege user to store JavaScript, potentially exploiting a higher-privilege user. Recommendations...

CMS Lokomedia - Multiple Cross-Site Scripting HTML Injection Vulnerabilities

CMS Lokomedia - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54150/info CMS Lokomedia is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploi...