CVE-2012-4543

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
Cross-site Scripting

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |

EPSS Score percentile: 46%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| redhat | certificate_system | 𝑥 ≤ 8.1.1 |
| redhat | certificate_system | 7.1 |
| redhat | certificate_system | 7.2 |
| redhat | certificate_system | 7.3 |
| redhat | certificate_system | 8.0 |
| redhat | certificate_system | 8.1 |

𝑥 = Vulnerable software versions

Red Hat Enterprise Linux Releases

| Package | Red Hat Product | Release | Status |
|---|---|---|---|
| pki-ca | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-common | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-common-javadoc | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-java-tools | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-java-tools-javadoc | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-native-tools | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-selinux | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-setup | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-silent | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-symkey | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-util | RHEL 6 | 0:9.0.3-30.el6 | fixed |
| pki-util-javadoc | RHEL 6 | 0:9.0.3-30.el6 | fixed |