CVE-2019-10179

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10179
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10179.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10179
Downstream
Published
2020-03-20T15:15:12.793Z
Modified
2026-04-02T01:29:09.943137Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

References

Affected packages

Git / github.com/dogtagpki/pki

Affected ranges

Type
GIT
Repo
https://github.com/dogtagpki/pki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b55549ae53cd230b1177f0cd77243300a86dd332
Database specific 
{
    "versions": [
        {
            "introduced": "10.0"
        },
        {
            "last_affected": "10.8.3"
        }
    ]
}

Affected versions

Other
DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314
DOGTAG_10_0_2_FEDORA_18_19_20130507
DOGTAG_10_0_3_FEDORA_18_19_20130606
DOGTAG_10_0_4_1_FEDORA_18_19_20130725
DOGTAG_10_0_5_1_FEDORA_18_19_20130906
DOGTAG_10_0_5_1_RHEL7_20130906
DOGTAG_10_0_5_2_RHEL7_20131103
DOGTAG_10_0_6_1_FEDORA_18_19_20131101
DOGTAG_10_0_7_1_FEDORA_19_20140317
DOGTAG_10_1_0_BETA_20131111
DOGTAG_10_1_0_BETA_FEDORA_20_20131111
DOGTAG_10_1_0_GA_FEDORA_20_20131121
DOGTAG_10_1_1_1_FEDORA_20_20140321
DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909
DOGTAG_10_2_1_FEDORA_22_20150108
DOGTAG_10_2_20150808
DOGTAG_10_2_2_FEDORA_22_20150318
DOGTAG_10_2_3_FEDORA_22_20150423
DOGTAG_10_2_4_FEDORA_22_20150526
DOGTAG_10_2_5_FEDORA_22_20150619
DOGTAG_10_2_6_FEDORA_22_23_20150718
DOGTAG_10_3_0_FEDORA_24_20160516
DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307
DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407
DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418
DOGTAG_10_3_1_FEDORA_24_20160517
DOGTAG_10_3_2_FEDORA_24_20160607
DOGTAG_10_3_3_FEDORA_24_20160620
DOGTAG_10_3_4_FEDORA_24_20160705
DOGTAG_10_3_5_FEDORA_24_20160808
DOGTAG_10_4_8_FEDORA_27
DOGTAG_10_4_FEDORA_25_20170314
DOGTAG_10_4_FEDORA_27_20170331
DOGTAG_10_4_FEDORA_27_20170413
DOGTAG_10_4_FEDORA_27_20170501
DOGTAG_10_4_FEDORA_27_20170509
DOGTAG_10_4_FEDORA_27_20170522
DOGTAG_10_4_FEDORA_27_20170530
DOGTAG_10_4_FEDORA_27_20170605
DOGTAG_10_4_FEDORA_27_20170612
DOGTAG_10_5_0_FEDORA_27
DOGTAG_10_5_1_FEDORA_27
DOGTAG_PKI_CORE_10_0_4_2_FEDORA_18_19_20130802
pki-core-10.*
pki-core-10.1.2-4
pki-core-10.2.0-3
pki-core-10.2.1-0.1
v10.*
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.1.0
v10.1.1
v10.1.2
v10.10.0
v10.10.0-b1
v10.10.1
v10.10.2
v10.10.3
v10.10.4
v10.10.5
v10.10.6
v10.10.7
v10.11.0
v10.11.0-alpha1
v10.11.0-alpha2
v10.11.0-alpha3
v10.11.1
v10.11.2
v10.11.5
v10.11.6
v10.12.0
v10.12.4
v10.12.7
v10.13.0
v10.13.1
v10.13.10
v10.13.11
v10.13.12
v10.13.13
v10.13.2
v10.13.3
v10.13.4
v10.13.5
v10.13.8
v10.14.0
v10.14.1
v10.14.2
v10.14.3
v10.15.0
v10.15.0-alpha1
v10.15.1
v10.2.0
v10.2.1
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.3.4
v10.3.5
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.5.0
v10.5.1
v10.5.10
v10.5.11
v10.5.12
v10.5.16
v10.5.17
v10.5.18
v10.5.2
v10.5.3
v10.5.4
v10.5.5
v10.5.6
v10.5.7
v10.5.8
v10.5.9
v10.6.0
v10.6.0-beta
v10.6.0-beta2
v10.6.0-rc
v10.6.1
v10.6.10
v10.6.2
v10.6.3
v10.6.4
v10.6.5
v10.6.6
v10.6.7
v10.6.8
v10.6.9
v10.7.0
v10.7.1
v10.7.2
v10.7.3
v10.7.4
v10.8.0
v10.8.0-a1
v10.8.0-a2
v10.8.0-b1
v10.8.0-b2
v10.8.0-b3
v10.8.1
v10.8.2
v10.8.3
v10.9.0
v10.9.0-a1
v10.9.0-a2
v10.9.0-b1
v10.9.0-b2
v10.9.0-b3
v10.9.0-b4
v10.9.1
v10.9.2
v10.9.4
v11.*
v11.0.0
v11.0.0-alpha1
v11.0.0-beta1
v11.0.2
v11.0.3
v11.0.5
v11.0.6
v11.1.0
v11.1.0-alpha1
v11.1.0-alpha2
v11.2.0-beta1
v11.2.0-beta2
v11.2.0-beta3
v11.2.1
v11.3.0
v11.3.0-beta1
v11.3.1
v11.4.0
v11.4.0-alpha1
v11.4.1
v11.4.2
v11.4.3
v11.5.0
v11.5.0-alpha1
v11.5.0-alpha2
v11.5.0-alpha3
v11.5.0-alpha4
v11.5.0-alpha5
v11.5.0-alpha6
v11.5.0-alpha7
v11.5.1
v11.5.2
v11.5.3
v11.5.4
v11.6.0
v11.6.0-alpha1
v11.6.0-alpha2
v11.6.0-alpha3
v11.6.1
v11.7.0
v11.7.0-beta1
v11.7.1
v11.8.0
v11.8.0-beta1
v11.8.0-beta2
v11.8.0-beta3
v11.8.0-beta4
v11.8.0-beta5
v11.8.0-beta6
v11.9.0
v11.9.0-beta1
v11.9.0-beta2
v11.9.0-beta3
v11.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10179.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]