CVE-2019-10146

Summary

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

Affected Software

VendorProductVersion RangeStatus
Red Hatpki-coreall pki-core 10.x.x versionsaffected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References