CVE-2020-25715

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25715

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25715.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25715

Related

Published

2021-05-28T11:15:07Z

Modified

2024-09-11T04:36:14.995090Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

References

Affected packages

Debian:11 / dogtag-pki

Package

Name: dogtag-pki
Purl: pkg:deb/debian/dogtag-pki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.10.2-3

10.10.6-1

11.*

11.0.0-1

11.0.3-1

11.0.3-2

11.0.3-3

11.0.3-4

11.0.6-1

11.0.6-2

11.2.1-1

11.2.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/dogtagpki/pki

Affected ranges

Type: GIT
Repo: https://github.com/dogtagpki/pki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b047c13247fbc7a0d330b598ed87dfec0bb26cb7

Affected versions

Other

DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314

DOGTAG_10_0_2_FEDORA_18_19_20130507

DOGTAG_10_1_0_BETA_20131111

DOGTAG_10_1_0_BETA_FEDORA_20_20131111

DOGTAG_10_1_0_GA_FEDORA_20_20131121

DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909

DOGTAG_10_2_1_FEDORA_22_20150108

DOGTAG_10_2_20150808

DOGTAG_10_2_2_FEDORA_22_20150318

DOGTAG_10_2_3_FEDORA_22_20150423

DOGTAG_10_2_4_FEDORA_22_20150526

DOGTAG_10_2_5_FEDORA_22_20150619

DOGTAG_10_2_6_FEDORA_22_23_20150718

DOGTAG_10_3_0_FEDORA_24_20160516

DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307

DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407

DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418

DOGTAG_10_3_1_FEDORA_24_20160517

DOGTAG_10_3_2_FEDORA_24_20160607

DOGTAG_10_3_3_FEDORA_24_20160620

DOGTAG_10_3_4_FEDORA_24_20160705

DOGTAG_10_3_5_FEDORA_24_20160808

DOGTAG_10_4_8_FEDORA_27

DOGTAG_10_4_FEDORA_25_20170314

DOGTAG_10_4_FEDORA_27_20170331

DOGTAG_10_4_FEDORA_27_20170413

DOGTAG_10_4_FEDORA_27_20170501

DOGTAG_10_4_FEDORA_27_20170509

DOGTAG_10_4_FEDORA_27_20170522

DOGTAG_10_4_FEDORA_27_20170530

DOGTAG_10_4_FEDORA_27_20170605

DOGTAG_10_4_FEDORA_27_20170612

DOGTAG_10_5_0_FEDORA_27

DOGTAG_10_5_1_FEDORA_27

pki-core-10.*

pki-core-10.2.0-3

pki-core-10.2.1-0.1

v10.*

v10.0.2

v10.1.0

v10.2.0

v10.2.1

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.3.4

v10.3.5

v10.4.0

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.4.7

v10.4.8

v10.5.0

v10.5.1

v10.5.2

v10.5.3

v10.6.0

v10.6.0-beta

v10.6.0-beta2

v10.6.0-rc

v10.6.1

v10.6.2

v10.6.3

v10.6.4

v10.6.5

v10.6.6

v10.6.7

v10.6.8

v10.6.9

v10.7.0

v10.7.1

v10.7.2

v10.8.0

v10.8.0-a1

v10.8.0-a2

v10.8.0-b1

v10.8.0-b2

v10.8.0-b3

v10.8.1

v10.8.2

v10.9.0

v10.9.0-a1

v10.9.0-a2

v10.9.0-b1

v10.9.0-b2

v10.9.0-b3

v10.9.0-b4