CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25715

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=1891016
https://bugzilla.redhat.com/show_bug.cgi?id=1891016

Products affected by CVE-2020-25715

Dogtagpki » Dogtagpki » Version: 10.9.0

cpe:2.3:a:dogtagpki:dogtagpki:10.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25715

Products

Pricing

Contact Us