PT-2020-9057 · Pki-Core+1 · Pki-Core+1

Published: 2020-03-31 · Updated: 2023-02-12 · CVE-2019-10180

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

pki-core versions 10.x.x

Description

A vulnerability was found in the Token Processing Service (TPS) where it did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross-Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Recommendations

For pki-core versions 10.x.x, ensure that the Token Processing Service (TPS) properly sanitizes parameters stored for the tokens to prevent Stored Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to the TPS until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-10180
RHSA-2021:0947
RHSA-2021:0948

Affected Products

Debian
Pki-Core