OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Certificate System Dogtag Certificate System Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:redhat:certificate_system::::::::
	cpe:2.3:a:redhat:certificate_system:7.1:::::::*
	cpe:2.3:a:redhat:certificate_system:7.2:::::::*
	cpe:2.3:a:redhat:certificate_system:7.3:::::::*
	cpe:2.3:a:redhat:certificate_system:8:::::::*
	cpe:2.3:a:redhat:certificate_system:8.0:::::::*
	cpe:2.3:a:redhat:dogtag_certificate_system::::::::

Package	CPE	Advisory	Released Date
Red Hat Certificate System 8
pki-common-0:8.1.1-1.el5pki	cpe:/a:redhat:certificate_system:8::el5	RHSA-2012:1103	2012-07-19T00:00:00Z
pki-tps-0:8.1.1-1.el5pki	cpe:/a:redhat:certificate_system:8::el5	RHSA-2012:1103	2012-07-19T00:00:00Z
pki-util-0:8.1.1-1.el5pki	cpe:/a:redhat:certificate_system:8::el5	RHSA-2012:1103	2012-07-19T00:00:00Z
Red Hat Enterprise Linux 6
pki-core-0:9.0.3-43.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1347	2015-07-20T00:00:00Z

References

Link	Providers
http://osvdb.org/84099
http://rhn.redhat.com/errata/RHSA-2012-1103.html
http://rhn.redhat.com/errata/RHSA-2015-1347.html
http://secunia.com/advisories/50013
http://www.securityfocus.com/bid/54608
http://www.securitytracker.com/id?1027284
https://exchange.xforce.ibmcloud.com/vulnerabilities/77101
https://nvd.nist.gov/vuln/detail/CVE-2012-2662
https://www.cve.org/CVERecord?id=CVE-2012-2662

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-13T20:00:00

Updated: 2024-08-06T19:42:31.591Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2662

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-13T20:55:05.757

Modified: 2024-11-21T01:39:23.840

Link: CVE-2012-2662

Redhat

Severity : Moderate

Publid Date: 2012-07-19T00:00:00Z

Links: CVE-2012-2662 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object