Description
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
Solution(s)
centos-upgrade-pki-basecentos-upgrade-pki-base-javacentos-upgrade-pki-cacentos-upgrade-pki-core-debuginfocentos-upgrade-pki-javadoccentos-upgrade-pki-kracentos-upgrade-pki-servercentos-upgrade-pki-symkeycentos-upgrade-pki-tools
ReferencesCESA-2021:0819CESA-2021:0851CVE-2020-25715