Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10896

HistoryJan 15, 2019 - 8:53 a.m.

Cross-site Scripting (XSS)

2019-01-1508:53:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

EPSS

0.003

Percentile

65.7%

pki-tps is vulnerable to cross-site scripting. A lack of input validation and sanitization allows a remote attacker to inject arbitrary Javascript into a victim’s browser via the PATH_INFO variable to steal session tokens or perform unwanted actions on behalf of the user.

References

osvdb.org/93626

osvdb.org/93627

rhn.redhat.com/errata/RHSA-2013-0856.html

www.securitytracker.com/id/1029685

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=923039

exchange.xforce.ibmcloud.com/vulnerabilities/84477

rhn.redhat.com/errata/RHSA-2013-0856.html

EPSS

0.003

Percentile

65.7%

Related for VERACODE:10896

nvd1 prion1 cve1 cvelist1 openvas2 redhat1 veracode1 fedora1 nessus2