VYPR
Unrated severityNVD Advisory· Published Mar 20, 2020· Updated Aug 4, 2024

CVE-2020-1696

CVE-2020-1696

Description

A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pki Core Project/Pki Corellm-fuzzy2 versions
    10.x.x+ 1 more
    • (no CPE)range: 10.x.x
    • (no CPE)range: all pki-core 10.x.x versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.