Description

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

https://github.com/quarkusio/quarkus/issues/7248

https://issues.redhat.com/browse/RESTEASY-2519

https://security.netapp.com/advisory/ntap-20210706-0008/

Related Vulnerabilities

CVE-2023-37951 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration

CVE-2023-45820 Vulnerability in npm package directus

CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2023-51075 Vulnerability in maven package cn.hutool:hutool-core

CVE-2021-32820 Vulnerability in npm package express-handlebars

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking Patch Vendor Advisory Exploit Third Party Advisory Permissions Required NVD-CWE-noinfo