A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1814974 | Issue Tracking Patch Vendor Advisory |
https://github.com/quarkusio/quarkus/issues/7248 | Exploit Issue Tracking Third Party Advisory |
https://issues.redhat.com/browse/RESTEASY-2519 | Issue Tracking Permissions Required Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210706-0008/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2021-05-27 12:15
Updated : 2022-05-13 13:47
NVD link : CVE-2020-10688
Mitre link : CVE-2020-10688
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
redhat
- resteasy
- enterprise_linux
- jboss_enterprise_application_platform
- openshift_application_runtimes
- fuse