A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-28T10:20:26

Updated: 2024-08-04T15:40:36.827Z

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25715

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-28T11:15:07.640

Modified: 2024-11-21T05:18:33.417

Link: CVE-2020-25715

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-02T00:00:00Z

Links: CVE-2020-25715 - Bugzilla