4 matches found
MiracleLinux 7 : pki-core-10.5.18-12.el7 (AXSA:2021-1610:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1610:01 advisory. pki-core: Unprivileged users can renew any certificate CVE-2021-20179 pki-core: XSS in the certificate search results CVE-2020-25715 pki-core:...
pki-core: Reflected XSS in getcookies?url= endpoint in CA
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...
CVE-2019-10221 Pki-core: Reflected XSS In Getcookies?url= Endpoint In CA
pki-core is vulnerable to cross-site scripting. The vulnerability exists due to a missing sanitization of the GET URL parameters...
pki-core: Reflected XSS in getcookies?url= endpoint in CA
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...