CVE-2019-10178

Name of the Vulnerable Software and Affected Versions pki-core (affected versions not specified)

Description The Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.