10 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused ...
SUSE CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a...
EulerOS 2.0 SP2 : pki-core (EulerOS-SA-2021-2424)
According to the versions of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting XSS attack to inject co...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1831)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1698)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 7 : pki-core (RHSA-2021:0851)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0851 advisory. - A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not...
Oracle Linux 7 : pki-core (ELSA-2021-0851)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0851 advisory. - Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS certificatesystem9-default edewata, asche...
Important: Red Hat Security Advisory: pki-core security and bug fix update
An update for pki-core is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4847 advisory. - jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 - bootstrap: XSS in the data-target attribute CVE-2016-10735 - bootstrap:...
CVE-2019-10221
CVE-2019-10221 is a reflected XSS vulnerability in the pki-core suite, specifically the pki-ca module, caused by unsanitized GET URL parameters. The issue existed across all 10.x.x versions of pki-core and could be triggered by a specially crafted link viewed by an authenticated user in a browser...