EJBCA Stored XSS | CVE-2022-40711

The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID​ CVE-2022-40711 to this issue. This is an entry on the CVE List, which standardises names for security problems.


CVE ID: CVE-2022-40711
Date of Disclosure: 11th September 2022
Vendor, Product: Primekey, EJBCA
Affected Product: Ejbca Version

Severity Rating: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (CVSS Base Score: 8.1)

EJBCA Community is having a stored XSS vulnerability in an ‘End Entity’ section. A user with ‘RA Administrator’ can inject scripts and XSS the higher privilege users..




Credit: Verneet Singh