CVE-2012-2662
Description
A cross-site scripting (XSS) flaw in Red Hat Certificate System and Dogtag Certificate System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the Agent and End Entity pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the Red Hat Certificate System (RHCS) and Dogtag Certificate System before version 8.1.1. The flaw resides in the System Agent and End Entity web interface pages, where unspecified parameters are not properly sanitized, allowing injection of arbitrary web script or HTML. This affects the pki-core packages in Red Hat Enterprise Linux 6, as noted in the advisory [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL or form input that, when processed by the affected Agent or End Entity pages, injects and executes arbitrary script or HTML [2]. The attacker requires no special privileges; the attack is performed by luring a victim with a valid session to interact with the crafted input. The flaw is exploitable over the network without authentication, typical of XSS attacks.
Impact
Successful exploitation enables the attacker to perform a cross-site scripting attack against users of the Certificate System's web interface [1]. This can lead to session theft, credential harvesting, defacement, or other client-side attacks within the context of the victim's browser session with the Certificate System. The impact is considered Moderate by Red Hat [2].
Mitigation
Red Hat released updated pki-core packages as part of RHSA-2015:1347 to fix this issue for Red Hat Enterprise Linux 6 [1]. Additionally, the earlier RHSA-2012:1103 addressed the flaw for Red Hat Certificate System 8.1 [2]. Users should upgrade to the fixed versions (RHCS 8.1.1 or later) and restart all Certificate System subsystems. No workarounds were provided; applying the updates is the recommended mitigation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:* (range: <=8.1)
- cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:8.0:*:*:*:*:*:*:*
- (no CPE) (range: <8.1.1)
cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
References
- rhn.redhat.com/errata/RHSA-2012-1103.html (nvd, Vendor Advisory)
- secunia.com/advisories/50013 (nvd, Vendor Advisory)
- www.securitytracker.com/id (nvd, Vendor Advisory)
- osvdb.org/84099 (nvd)
- rhn.redhat.com/errata/RHSA-2015-1347.html (nvd)
- www.securityfocus.com/bid/54608 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/77101 (nvd)