PT-2021-11171 · Pki-Core+6
Published: 2020-11-03 · Updated: 2024-12-10
CVE-2020-25715
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
pki-core version 10.9.0
Description:
A flaw was found in the software that allows a specially crafted POST request to trigger a reflected, DOM-based cross-site scripting (XSS) attack. The request can inject code into the search query form, where it can be executed automatically. The highest threat from this vulnerability is to data integrity.
Recommendations:
For pki-core version 10.9.0, consider disabling the search query form functionality until a patch is available to prevent potential XSS attacks. Restrict access to the affected form to minimize the risk of exploitation. Avoid using the search query form in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Ubuntu
Pki-Core