Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20293

Опубликовано: 10 июн. 2021
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
Версия до 4.6.0 (включая)
Конфигурация 2
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00402
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2021-20293

CVSS3: 6.1
ubuntu
больше 4 лет назад

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

redhat логотип

CVE-2021-20293

CVSS3: 5.4
redhat
почти 5 лет назад

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

debian логотип

CVE-2021-20293

CVSS3: 6.1
debian
больше 4 лет назад

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...

github логотип

GHSA-5h26-c766-g93v

CVSS3: 6.1
github
больше 4 лет назад

Cross-Site Scripting

EPSS

Процентиль: 60%
0.00402
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79