Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1814974
https://github.com/quarkusio/quarkus/issues/7248
https://issues.redhat.com/browse/RESTEASY-2519
https://security.netapp.com/advisory/ntap-20210706-0008/
Related Vulnerabilities
CVE-2022-22984 Vulnerability in npm package snyk-docker-plugin
CVE-2023-28628 Vulnerability in maven package lambdaisland:uri
CVE-2023-48241 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-query
CVE-2022-24771 Vulnerability in npm package node-forge
CVE-2018-20677 Vulnerability in maven package org.webjars.bower:bootstrap