CVE-2022-26494

Name of the Vulnerable Software and Affected Versions PrimeKey SignServer versions prior to 5.8.1

Description A cross-site scripting (XSS) issue was identified in the Admin Web interface. This issue can be exploited by using JavaScript code in a worker name before a Generate CSR request. It is noted that only an administrator has the capability to update a worker name.

Recommendations For versions prior to 5.8.1, update to version 5.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Web interface to minimize the risk of exploitation. Additionally, avoid using JavaScript code in worker names until the issue is resolved.