Описание
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Ссылки
- Issue TrackingPatchVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingPermissions RequiredVendor Advisory
- Third Party Advisory
- Issue TrackingPatchVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingPermissions RequiredVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одновременно
Одно из
Одновременно
Одно из
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...
Уязвимость программного средства RESTEasy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2