Package details: pkg:rpm/redhat/pki-core@10.5.18-12?arch=el7_9
purl pkg:rpm/redhat/pki-core@10.5.18-12?arch=el7_9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-7v3m-meaa-sudu
Aliases:
CVE-2019-10179
pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
Fixed by: There are no reported fixed by versions.
VCID-97tw-ymj8-6bbj
Aliases:
CVE-2019-10221
pki-core: Reflected XSS in getcookies?url= endpoint in CA
Fixed by: There are no reported fixed by versions.
VCID-cvxp-ctj9-guej
Aliases:
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6
Potential XSS vulnerability in jQuery

### Impact
Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.

### Patches
This problem is patched in jQuery 3.5.0.

### Workarounds
To work around this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method.

### References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

### For more information
If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.

Fixed by: There are no reported fixed by versions.
VCID-h3y6-zuub-2kdj
Aliases:
CVE-2020-25715
pki-core: XSS in the certificate search results
Fixed by: There are no reported fixed by versions.
VCID-pf14-dtsb-ebd2
Aliases:
CVE-2020-1721
pki-core: KRA vulnerable to reflected XSS via the getPk12 page
Fixed by: There are no reported fixed by versions.
VCID-qwg3-thj2-tkav
Aliases:
CVE-2019-10146
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
Fixed by: There are no reported fixed by versions.
VCID-z6js-5t5m-fka9
Aliases:
CVE-2021-20179
pki-core: Unprivileged users can renew any certificate
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:12:56.510613+00:00 RedHat Importer Affected by VCID-pf14-dtsb-ebd2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1721.json 38.0.0
2026-04-01T14:12:56.443358+00:00 RedHat Importer Affected by VCID-97tw-ymj8-6bbj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10221.json 38.0.0
2026-04-01T14:12:56.156806+00:00 RedHat Importer Affected by VCID-qwg3-thj2-tkav https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10146.json 38.0.0
2026-04-01T14:12:56.089072+00:00 RedHat Importer Affected by VCID-7v3m-meaa-sudu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10179.json 38.0.0
2026-04-01T14:08:29.787631+00:00 RedHat Importer Affected by VCID-cvxp-ctj9-guej https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json 38.0.0
2026-04-01T14:03:04.201456+00:00 RedHat Importer Affected by VCID-h3y6-zuub-2kdj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25715.json 38.0.0
2026-04-01T14:02:48.917270+00:00 RedHat Importer Affected by VCID-z6js-5t5m-fka9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20179.json 38.0.0