CVE-2019-10180 LOW

CVE-2019-10180

Vendor [Unknown]

Product pki-core

Weakness CWE-79 · XSS

Published March 31, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Key dates

02Disclosure timeline

March 31, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-10180 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-33969 Stored Cross site scripting in the Task External Link Functionality in Kanboard CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode CVE-2025-50051 WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability CVE-2022-42450 HCL Domino Volt is affected by Cross-site scripting (XSS)