DOM-based XSS Vulnerability in pki-core 10.9.0

DOM-based XSS Vulnerability in pki-core 10.9.0

CVE-2020-25715 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

Learn more about our Web Application Penetration Testing UK.