First published: Wed Mar 18 2020
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dogtagpki Dogtagpki | | |
CVE-2019-10178 is a vulnerability found in the Token Processing Service (TPS) that enables a Stored Cross Site Scripting (XSS) attack.
The vulnerability occurs because the Token Processing Service (TPS) does not properly sanitize the Token IDs from the 'Activity' page, allowing an unauthenticated attacker to execute XSS attacks.
The severity of CVE-2019-10178 is medium with a CVSS score of 6.1.
The Dogtagpki software is affected by CVE-2019-10178.
To fix CVE-2019-10178, it is recommended to update to the latest version of the Dogtagpki software.
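The missing sanitization of Token IDs on the 'Activity' page can be illustrated with an added example, which is not code from Dogtag PKI or from this advisory: a row renderer that concatenates the stored Token ID into markup, next to one that encodes it at output time. The function names, record fields and the Token ID allow-list pattern are assumptions made for the illustration.

```javascript
// Added example; names, record fields and the token ID pattern are assumptions.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can break out of HTML text
// or out of a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored token ID is concatenated into markup unchanged,
// so any markup it contains is parsed by the browser of whoever views it.
function renderActivityRowUnsafe(activity) {
  return `<tr><td class="tokenid">${activity.tokenID}</td>` +
         `<td>${activity.op}</td></tr>`;
}

// "After": every stored field is encoded at output time, so the
// browser displays it as text instead of interpreting it.
function renderActivityRowSafe(activity) {
  return `<tr><td class="tokenid">${escapeHtml(activity.tokenID)}</td>` +
         `<td>${escapeHtml(activity.op)}</td></tr>`;
}

// Defence in depth at write time: refuse IDs outside an allow-list.
// Assumed format (1-64 hex characters); not taken from the Dogtag code base.
const TOKEN_ID_PATTERN = /^[0-9A-Fa-f]{1,64}$/;

function isValidTokenId(tokenID) {
  return typeof tokenID === "string" && TOKEN_ID_PATTERN.test(tokenID);
}

// Constructed sample records.
const benign = { tokenID: "40906145C76224192D2B", op: "enroll" };
const crafted = { tokenID: '<img src=x onerror="alert(1)">', op: "enroll" };

console.log(renderActivityRowUnsafe(crafted)); // markup reaches the page intact
console.log(renderActivityRowSafe(crafted));   // markup is rendered inert
console.log(isValidTokenId(crafted.tokenID));  // rejected before storage
```

Output encoding is the control that closes the stored XSS; the write-time allow-list only reduces what can reach storage and does not replace it.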