CVE-2020-1696
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | pki-core | all pki-core 10.x.x versions | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.