{"id":"CVE-2020-1721","details":"A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.","modified":"2026-03-13T00:33:53.580249Z","published":"2021-04-30T12:15:07.410Z","references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777579"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dogtagpki/pki","events":[{"introduced":"0"},{"last_affected":"5b5ddd5d736fd719cc94a159af392fff91a734c7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.10.5"}]}}],"versions":["DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314","DOGTAG_10_0_2_FEDORA_18_19_20130507","DOGTAG_10_1_0_BETA_20131111","DOGTAG_10_1_0_BETA_FEDORA_20_20131111","DOGTAG_10_1_0_GA_FEDORA_20_20131121","DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909","DOGTAG_10_2_1_FEDORA_22_20150108","DOGTAG_10_2_20150808","DOGTAG_10_2_2_FEDORA_22_20150318","DOGTAG_10_2_3_FEDORA_22_20150423","DOGTAG_10_2_4_FEDORA_22_20150526","DOGTAG_10_2_5_FEDORA_22_20150619","DOGTAG_10_2_6_FEDORA_22_23_20150718","DOGTAG_10_3_0_FEDORA_24_20160516","DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307","DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407","DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418","DOGTAG_10_3_1_FEDORA_24_20160517","DOGTAG_10_3_2_FEDORA_24_20160607","DOGTAG_10_3_3_FEDORA_24_20160620","DOGTAG_10_3_4_FEDORA_24_20160705","DOGTAG_10_3_5_FEDORA_24_20160808","DOGTAG_10_4_8_FEDORA_27","DOGTAG_10_4_FEDORA_25_20170314","DOGTAG_10_4_FEDORA_27_20170331","DOGTAG_10_4_FEDORA_27_20170413","DOGTAG_10_4_FEDORA_27_20170501","DOGTAG_10_4_FEDORA_27_20170509","DOGTAG_10_4_FEDORA_27_20170522","DOGTAG_10_4_FEDORA_27_20170530","DOGTAG_10_4_FEDORA_27_20170605","DOGTAG_10_4_FEDORA_27_20170612","DOGTAG_10_5_0_FEDORA_27","DOGTAG_10_5_1_FEDORA_27","pki-core-10.2.0-3","pki-core-10.2.1-0.1","v10.0.2","v10.1.0","v10.10.0","v10.10.0-b1","v10.10.1","v10.10.2","v10.10.3","v10.10.4","v10.10.5","v10.2.0","v10.2.1","v10.2.2","v10.2.3","v10.2.4","v10.2.5","v10.2.6","v10.3.0","v10.3.1","v10.3.2","v10.3.3","v10.3.4","v10.3.5","v10.4.0","v10.4.1","v10.4.2","v10.4.3","v10.4.4","v10.4.5","v10.4.6","v10.4.7","v10.4.8","v10.5.0","v10.5.1","v10.5.2","v10.5.3","v10.6.0","v10.6.0-beta","v10.6.0-beta2","v10.6.0-rc","v10.6.1","v10.6.2","v10.6.3","v10.6.4","v10.6.5","v10.6.6","v10.6.7","v10.6.8","v10.6.9","v10.7.0","v10.7.1","v10.7.2","v10.8.0","v10.8.0-a1","v10.8.0-a2","v10.8.0-b1","v10.8.0-b2","v10.8.0-b3","v10.8.1","v10.8.2","v10.9.0","v10.9.0-a1","v10.9.0-a2","v10.9.0-b1","v10.9.0-b2","v10.9.0-b3","v10.9.0-b4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1721.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}