{
  "threat_severity" : "Moderate",
  "public_date" : "2012-12-06T00:00:00Z",
  "bugzilla" : {
    "description" : "System: Multiple cross-site scripting flaws by displaying CRL or processing profile",
    "id" : "864397",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=864397"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Certificate System 8",
    "release_date" : "2012-12-06T00:00:00Z",
    "advisory" : "RHSA-2012:1550",
    "cpe" : "cpe:/a:redhat:certificate_system:8::el5",
    "package" : "pki-common-0:8.1.3-2.el5pki"
  }, {
    "product_name" : "Red Hat Certificate System 8",
    "release_date" : "2012-12-06T00:00:00Z",
    "advisory" : "RHSA-2012:1550",
    "cpe" : "cpe:/a:redhat:certificate_system:8::el5",
    "package" : "pki-tps-0:8.1.3-2.el5pki"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-20T00:00:00Z",
    "advisory" : "RHSA-2013:0511",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "pki-core-0:9.0.3-30.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-4543\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4543" ],
  "name" : "CVE-2012-4543",
  "csaw" : false
}