Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-10688

Опубликовано: 27 мая 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

РелизСтатусПримечание
bionic

DNE

devel

needed

eoan

ignored

end of life
esm-apps/focal

released

3.6.2-2ubuntu0.20.04.1~esm1
esm-apps/jammy

released

3.6.2-2ubuntu0.22.04.1~esm1
esm-apps/noble

released

3.6.2-2ubuntu0.24.04.1~esm1
esm-apps/xenial

released

3.0.6-3ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needed
groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

3.0.26-4
eoan

ignored

end of life
esm-apps/bionic

released

3.0.26-1~18.04.1~esm1
esm-apps/focal

released

3.0.26-1ubuntu0.1~esm1
esm-apps/jammy

released

3.0.26-3ubuntu0.1
esm-apps/noble

not-affected

3.0.26-4
esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needed
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 45%
0.00222
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-10688

CVSS3: 5.4
redhat
больше 5 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

nvd логотип

CVE-2020-10688

CVSS3: 6.1
nvd
около 4 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

debian логотип

CVE-2020-10688

CVSS3: 6.1
debian
около 4 лет назад

A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...

github логотип

GHSA-29qj-rvv6-qrmv

CVSS3: 5.4
github
около 4 лет назад

Cross-site scripting in RESTEasy

fstec логотип

BDU:2024-01096

CVSS3: 6.1
fstec
больше 5 лет назад

Уязвимость программного средства RESTEasy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки

EPSS

Процентиль: 45%
0.00222
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3