A flaw was found in the recoveryID search field on KRA's DRM agent page, in the authorize recovery tab. This user input is not sanitized, and the field is therefore vulnerable to reflected XSS.
Name: Pritam Singh (Red Hat)
This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.
Created pki-core tracking bugs for this issue:
Affects: fedora-all [bug 1797689]
Do you know if this was reported in the upstream issue tracker and there is a fix?
Upstream is aware. There is currently no fix.
However, the security consequences are very limited.
E.g., thanks to the web UI using client-side TLS authentication, stealing a cookie will not be of much use to the attacker.
At the moment, the only concern is defacing.
If/when there is a fix upstream, it will be posted on this bug tracker.
I hope this helps!