A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "dogtag-pki" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "dogtag-pki-console-theme" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "dogtag-pki-server-theme" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "libsymkey-java" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "libsymkey-jni" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "libsymkey-jni-dbgsym" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-base" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-ca" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-console" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-javadoc" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-kra" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-ocsp" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-server" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tks" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tools" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tools-dbgsym" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tps" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tps-client" }, { "binary_version": "10.2.6+git20160317-1ubuntu0.1~esm1", "binary_name": "pki-tps-client-dbgsym" } ] }