Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

CVE-2015-9251 — jquery: Cross-site scripting via cross-domain ajax requests CVE-2016-10735 — bootstrap: XSS in the data-target attribute CVE-2018-14040 — bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute CVE-2018-14042 — bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip CVE-2019-8331 — bootstrap: XSS in the tooltip or popover data-template attribute CVE-2019-10146 — pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page CVE-2019-10179 — pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab CVE-2019-10221 — pki-core: Reflected XSS in getcookies?url= endpoint in CA CVE-2019-11358 — jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection CVE-2020-1721 — pki-core: KRA vulnerable to reflected XSS via the getPk12 page CVE-2020-1935 — tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling CVE-2020-1938 — tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability CVE-2020-11022 — jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-15720 — pki: Dogtag's python client does not validate certificates CVE-2020-25715 — pki-core: XSS in the certificate search results CVE-2022-25762 — tomcat: request mixup