Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10688

Опубликовано: 18 фев. 2020
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Fuse 6resteasyOut of support scope
Red Hat OpenShift Application RuntimesresteasyAffected
Red Hat support for Spring BootresteasyAffected
EAP-CD 19 Tech PreviewresteasyFixedRHSA-2020:233328.05.2020
Red Hat Fuse 7.9resteasyFixedRHSA-2021:314011.08.2021
Red Hat JBoss EAP 7resteasyFixedRHSA-2020:251510.06.2020
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-activemq-artemisFixedRHSA-2020:251111.06.2020
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-apache-cxfFixedRHSA-2020:251111.06.2020
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-bouncycastleFixedRHSA-2020:251111.06.2020
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-codehaus-jacksonFixedRHSA-2020:251111.06.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1814974RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

EPSS

Процентиль: 45%
0.00222
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-10688

CVSS3: 6.1
ubuntu
около 4 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

nvd логотип

CVE-2020-10688

CVSS3: 6.1
nvd
около 4 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

debian логотип

CVE-2020-10688

CVSS3: 6.1
debian
около 4 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...

github логотип

GHSA-29qj-rvv6-qrmv

CVSS3: 5.4
github
около 4 лет назад

Cross-site scripting in RESTEasy

fstec логотип

BDU:2024-01096

CVSS3: 6.1
fstec
больше 5 лет назад

Уязвимость программного средства RESTEasy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки

EPSS

Процентиль: 45%
0.00222
Низкий

5.4 Medium

CVSS3