CVE-2022-40711

Name of the Vulnerable Software and Affected Versions PrimeKey EJBCA version 7.9.0.2 Community

Description The issue allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.

Recommendations For PrimeKey EJBCA version 7.9.0.2 Community, consider restricting access to the End Entity section for users with the RA Administrator role until a patch is available. As a temporary workaround, monitor user activity closely to detect potential XSS payload injections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.