Cross-Site Scripting (XSS)

2019-01-1508:51:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

66.0%

JSON

Red Hat Certificate System (RHCS) is vulnerable to cross-site scripting. It does not escape the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script, allowing the attack against via Certificate System’s web interface.

CPENameOperatorVersion
pki-commoneq8.1.0__23.el5pki
pki-commoneq8.0.1__3.el5pki
pki-commoneq8.0.4__1.el5pki
pki-commoneq8.1.1__1.el5pki
pki-commoneq8.0.0__16.el5pki
pki-commoneq8.1.3__1.el5pki
pki-tpseq8.0.0__29.el5pki
pki-tpseq8.1.1__1.el5pki
pki-tpseq8.1.0__20.el5pki
pki-tpseq8.1.3__1.el5pki

Name	Operator	Version
pki-common	eq	8.1.0__23.el5pki
pki-common	eq	8.0.1__3.el5pki
pki-common	eq	8.0.4__1.el5pki
pki-common	eq	8.1.1__1.el5pki
pki-common	eq	8.0.0__16.el5pki
pki-common	eq	8.1.3__1.el5pki
pki-tps	eq	8.0.0__29.el5pki
pki-tps	eq	8.1.1__1.el5pki
pki-tps	eq	8.1.0__20.el5pki
pki-tps	eq	8.1.3__1.el5pki