7 matches found
CVE-2020-1721
A flaw was found in the Key Recovery Authority KRA Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting XSS vulnerability. An attacker could trick an authenticated victim into executing...
Cross-Site Scripting (XSS)
pki-core vulnerable to cross-site scripting. The vulnerability exists due to a flaw was found in the Key Recovery Authority KRA Agent Service where it did not properly sanitize the recovery ID during a key recovery request...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1346)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority KRA Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting XSS vulnerability. An attacker could trick an authenticated victim into executing special...
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority KRA Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting XSS vulnerability. An attacker could trick an authenticated victim into executing special...
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority KRA Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting XSS vulnerability. An attacker could trick an authenticated victim into executing special...
PT-2020-9056 · Pki-Core +3 · Pki-Core +3
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x Description: A vulnerability was found in the Key Recovery Authority KRA Agent Service where it did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting XSS vulnerability. ...