CVE-2022-40711 Information

Description

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.

Reference

https://verneet.com/cve-2022-40711/