Description
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
Solution(s)
redhat-upgrade-pki-baseredhat-upgrade-pki-base-javaredhat-upgrade-pki-caredhat-upgrade-pki-core-debuginforedhat-upgrade-pki-javadocredhat-upgrade-pki-kraredhat-upgrade-pki-serverredhat-upgrade-pki-symkeyredhat-upgrade-pki-tools
ReferencesCVE-2020-25715RHSA-2021:0819RHSA-2021:0851