CVE-2019-10180: XSS
First published: Tue Mar 31 2020(Updated: )
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dogtagpki Dogtagpki | >=10.0<=10.8.3 | |
| Redhat Certificate System | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10180?
CVE-2019-10180 is a vulnerability found in all pki-core 10.x.x versions, involving the Token Processing Service (TPS) and a Stored Cross Site Scripting (XSS) vulnerability.
What is the severity of CVE-2019-10180?
CVE-2019-10180 has a severity rating of medium (4.8).
How does CVE-2019-10180 impact Dogtagpki Dogtagpki?
CVE-2019-10180 affects Dogtagpki Dogtagpki versions 10.0 to 10.8.3.
How does CVE-2019-10180 impact Redhat Certificate System?
CVE-2019-10180 affects Redhat Certificate System version 10.0.
How can I fix CVE-2019-10180?
To fix CVE-2019-10180, users should update to a patched version of pki-core that addresses the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/dogtagpki
- canonical/dogtagpki dogtagpki
- version/dogtagpki dogtagpki/10.0
- version/dogtagpki dogtagpki/10.8.3
- vendor/redhat
- canonical/redhat certificate system
- version/redhat certificate system/10.0