Cross-site Scripting (XSS)

2019-01-1508:54:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

68.3%

JSON

pki-util is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists through multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.

CPENameOperatorVersion
pki-tpseq8.0.0__29.el5pki
pki-tpseq8.1.0__20.el5pki
pki-commoneq8.0.1__3.el5pki
pki-commoneq8.0.0__16.el5pki
pki-commoneq8.1.0__23.el5pki
pki-commoneq8.0.4__1.el5pki
pki-utileq8.1.0__6.el5pki
pki-utileq8.0.1__2.el5pki
pki-utileq8.0.0__16.el5pki
pki-coreeq9.0.3__21.el6_2

Name	Operator	Version
pki-tps	eq	8.0.0__29.el5pki
pki-tps	eq	8.1.0__20.el5pki
pki-common	eq	8.0.1__3.el5pki
pki-common	eq	8.0.0__16.el5pki
pki-common	eq	8.1.0__23.el5pki
pki-common	eq	8.0.4__1.el5pki
pki-util	eq	8.1.0__6.el5pki
pki-util	eq	8.0.1__2.el5pki
pki-util	eq	8.0.0__16.el5pki
pki-core	eq	9.0.3__21.el6_2