VDB
CVE-2019-10180
CVE-2019-10180
PUBLISHED
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
EPSS 0.67% · 71.8th percentile
Risk Scores
EPSS Score
0.67%
71.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | dogtag-pki | 10.2.6+git20160317-1ubuntu0.1~esm1, 0, 10.2.6-1 |
| Ubuntu:20.04:LTS | dogtag-pki | 0, 10.8.3-1ubuntu1, 10.7.3-4 |
| Ubuntu:18.04:LTS | dogtag-pki | 10.6.0-1ubuntu2, 0, 10.3.5+12-5 |
Exploit Intelligence
Timeline
- Mar 31, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10180 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1721137 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10180 third-party-advisory