CVE-2019-10221

Name of the Vulnerable Software and Affected Versions pki-core versions 10.x.x

Description A Reflected Cross Site Scripting issue was found in the pki-ca module of the pki-core server, caused by missing sanitization of the GET URL parameters. An attacker could exploit this flaw to trick an authenticated user into clicking a specially crafted link, which can execute arbitrary code when viewed in a browser.

Recommendations For pki-core versions 10.x.x, consider disabling the pki-ca module until a patch is available to prevent exploitation of the Reflected Cross Site Scripting issue. Restrict access to the pki-core server to minimize the risk of exploitation. Avoid using unsanitized GET URL parameters in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.