Unrated severityNVD Advisory· Published Jan 24, 2014· Updated Apr 29, 2026

CVE-2013-1885

Description

Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/.

Affected products

Red Hat/Certificate System
cpe:2.3:a:redhat:certificate_system:8.1:*:*:*:*:*:*:*
Red Hat/Dogtag Certificate System2 versions
cpe:2.3:a:redhat:dogtag_certificate_system:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:dogtag_certificate_system:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:dogtag_certificate_system:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0856.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdVendor Advisory
osvdb.org/93626nvd
osvdb.org/93627nvd
www.securitytracker.com/id/1029685nvd
exchange.xforce.ibmcloud.com/vulnerabilities/84477nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000