EJBCA Stored XSS | CVE-2022-40711
The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID CVE-2022-40711 to this issue. This is an entry on the CVE List, which standardises names for security problems.
CVE ID: CVE-2022-40711
Date of Disclosure: 11th September 2022
Vendor, Product: Primekey, EJBCA
Affected Product: Ejbca Version 126.96.36.199
Severity Rating: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (CVSS Base Score: 8.1)
EJBCA 188.8.131.52 Community is having a stored XSS vulnerability in an ‘End Entity’ section. A user with ‘RA Administrator’ can inject scripts and XSS the higher privilege users..
Credit: Verneet Singh