10.8.1

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-15	CVE-2021-20179	Incorrect Authorization vulnerability in multiple products A flaw was found in pki-core. network low complexity dogtagpki redhat fedoraproject CWE-863	8.1
2020-03-31	CVE-2019-10180	Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. network low complexity dogtagpki redhat CWE-79	4.8
2020-03-20	CVE-2020-1696	Cross-site Scripting vulnerability in multiple products A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. network low complexity redhat dogtagpki CWE-79	5.4
2020-03-20	CVE-2019-10221	Cross-site Scripting vulnerability in multiple products A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. network low complexity redhat dogtagpki CWE-79	6.1
2020-03-20	CVE-2019-10179	Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. network low complexity redhat dogtagpki CWE-79	6.1