CVE-2022-26494
CVE-2022-26494 describes an XSS in PrimeKey SignServer Admin Web: an attacker can inject JavaScript by placing code in a worker name prior to a Generate CSR request. Exploitation requires authentication (admin) and targets SignServer versions before 5.8.1. The vulnerability arises from handling t...