CVE-2020-1696: XSS
First published: Fri Mar 20 2020(Updated: )
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Certificate System | =9.0 | |
| Redhat Certificate System | =10.0 | |
| Dogtagpki Dogtagpki | >=10.0<=10.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1696?
CVE-2020-1696 is a vulnerability found in all pki-core 10.x.x versions, allowing for Stored Cross-Site Scripting (XSS) attacks.
What is the severity of CVE-2020-1696?
The severity of CVE-2020-1696 is medium with a score of 5.4.
How does CVE-2020-1696 affect Redhat Certificate System?
Redhat Certificate System version 9.0 and 10.0 are affected by CVE-2020-1696.
How does CVE-2020-1696 affect Dogtagpki Dogtagpki?
Dogtagpki Dogtagpki versions 10.0 to 10.8.3 are affected by CVE-2020-1696.
How can I fix CVE-2020-1696?
To fix CVE-2020-1696, it is recommended to update to the latest version of pki-core.
- collector/nvd-index
- vendor/redhat
- canonical/redhat certificate system
- version/redhat certificate system/9.0
- version/redhat certificate system/10.0
- vendor/dogtagpki
- canonical/dogtagpki dogtagpki
- version/dogtagpki dogtagpki/10.0
- version/dogtagpki dogtagpki/10.8.3