Description

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

https://github.com/quarkusio/quarkus/issues/7248

https://issues.redhat.com/browse/RESTEASY-2519

https://security.netapp.com/advisory/ntap-20210706-0008/

Related Vulnerabilities

CVE-2023-34453 Vulnerability in maven package org.xerial.snappy:snappy-java

CVE-2022-36096 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-ui

CVE-2021-41109 Vulnerability in npm package parse-server

CVE-2020-14967 Vulnerability in maven package org.webjars.bower:jsrsasign

CVE-2023-32991 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking Patch Vendor Advisory Exploit Third Party Advisory Permissions Required