CVE-2020-1721 - AskarLabs CVE Database

CVE-2020-1721

Vendor N/A

Product pki-core

Weakness CWE-79 · XSS

Published April 30, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

Key dates

02Disclosure timeline

April 30, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-1721 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-7064 ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-49245 WordPress Testimonials Showcase plugin <= 1.9.16 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-39181 GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS) CVE-2026-24752 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting CVE-2025-5845 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter