CVE-2020-25715
6.1
MEDIUM
CVSS 3.1
EPSS 0.36%
Description
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
How to fix CVE-2020-25715
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/dogtag-pki: no fix listed
Is CVE-2020-25715 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |