OVAL

RHSA-2020:4847-01 -- Red Hat apache-commons-collections, apache-commons-lang, apache-commons-net, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, jss, ldapjdk, pki-core, pki-servlet-engine, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, tomcatjss, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0

ID: oval:org.secpod.oval:def:504689
Date: (C)2020-12-23   (M)2024-05-06
Class: PATCH
Family: unix




The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Security Fix:
* jquery: Cross-site scripting via cross-domain ajax requests
* bootstrap: XSS in the data-target attribute
* bootstrap: Cross-site Scripting in the collapse data-parent attribute
* bootstrap: Cross-site Scripting in the data-container property of tooltip
* bootstrap: XSS in the tooltip or popover data-template attribute
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
* jquery: Passing HTML containing option elements to manipulation methods could result in untrusted code execution
* pki: Dogtag's python client does not validate certificates
* pki-core: Reflected XSS in "path length" constraint field in CA's Agent page
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
* pki-core: Reflected XSS in getcookies?url= endpoint in CA
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Platform:
Red Hat Enterprise Linux 8
Product:
apache-commons-collections
apache-commons-lang
apache-commons-net
bea-stax
glassfish-fastinfoset
glassfish-jaxb
glassfish-jaxb-api
jackson-annotations
jackson-core
jackson-databind
jackson-jaxrs-providers
jackson-module-jaxb-annotations
jakarta-commons-httpclient
javassist
jss
ldapjdk
pki-core
pki-servlet-engine
python-nss
relaxngDatatype
resteasy
slf4j
stax-ex
tomcatjss
velocity
xalan-j2
xerces-j2
xml-commons-apis
xml-commons-resolver
xmlstreambuffer
xsom-0
Reference:
RHSA-2020:4847-01
CVE-2015-9251
CVE-2016-10735
CVE-2018-14040
CVE-2018-14042
CVE-2019-8331
CVE-2019-10146
CVE-2019-10179
CVE-2019-10221
CVE-2019-11358
CVE-2020-1721
CVE-2020-11022
CVE-2020-11023
CVE-2020-15720
CVE-2022-25762
CVE-2020-1935
CVE-2020-25715
CVE-2020-1938
CVE    17
CVE-2022-25762
CVE-2020-1935
CVE-2020-1938
CVE-2020-25715
...
CPE    33
cpe:/a:fasterxml:jackson-annotations
cpe:/a:apache:xalan-j2
cpe:/a:apache:tomcatjss
cpe:/a:redhat:resteasy
...

© SecPod Technologies