CVE-2012-4543: XSS

First published: Tue Oct 09 2012(Updated: )

Multiple cross-site scripting (XSS) flaws were found in the way: 1) 'displayCRL' script of Certificate System sanitized content of 'pageStart' and 'pageSize' variables provided in the query string, 2) 'profileProcess' script of Certificate System sanitized content of 'nonce' variable provided in the query string. A remote attacker could provide a specially-crafted web page that, when visited by an unsuspecting Certificate System user would lead to arbitrary HTML or web script execution in the context of Certificate System user session.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2012-4543
• agent/software-canonical-lookup
• agent/severity
• agent/references
• agent/author
• agent/last-modified-date
• agent/weakness
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• package-manager/redhat
• vendor/redhat
• canonical/red hat certificate system
• version/red hat certificate system/8.1.1
• version/red hat certificate system/7.1
• version/red hat certificate system/7.2
• version/red hat certificate system/7.3
• version/red hat certificate system/8
• version/red hat certificate system/8.0
• version/red hat certificate system/8.1