1221502 – pki-core: cross-site scripting flaw in the dogtag administration page (port 9180, port 9444)

Bug 1221502 - pki-core: cross-site scripting flaw in the dogtag administration page (port 9180, port 9444)

Summary: pki-core: cross-site scripting flaw in the dogtag administration page (port 9...

Keywords:
Status:	CLOSED DUPLICATE of bug 826646
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-05-14 08:24 UTC by Martin Prpič
Modified:	2019-09-29 13:32 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-05-15 08:32:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2015-05-14 08:24:14 UTC

It was reported (in bug 1220423) that the administation page of the dogtag PKI is vulnerable to reflected Cross-Site Scripting (XSS) attacks.

Upstream bug:

https://fedorahosted.org/pki/ticket/1373

Reproducer:

1. Browse to: https://ipa_server:9444/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//

Comment 1 Martin Prpič 2015-05-14 08:25:07 UTC

Fedora tracking bug: bug 1220423

Comment 4 Martin Prpič 2015-05-15 08:32:07 UTC


*** This bug has been marked as a duplicate of bug 826646 ***

Note You need to log in before you can comment on or make changes to this bug.