CVE-2019-10180
LOW
dogtagpki 10.0-10.8.2 - Stored Cross-Site Scripting in Token Processing Service
Title source: llm
Description
A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
References (1)
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180
Scores
CVSS v3
2.4
EPSS
0.0067
EPSS Percentile
71.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-79
Status
published
Products (2)
dogtagpki/dogtagpki
10.0 - 10.8.3
redhat/certificate_system
10.0
Published
Mar 31, 2020
Tracked Since
Feb 18, 2026