Description

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Remediation

References

CVE-2020-10688

Related Vulnerabilities

Liferay Portal Insufficiently Protected Credentials Vulnerability (CVE-2021-29043)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)

Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2019-12855)

WordPress Plugin Relevant-Related Posts by BestWebSoft Cross-Site Scripting (1.0.7)

Python Cryptographic Issues Vulnerability (CVE-2013-7040)

Severity

Medium

Classification

CVE-2020-10688 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities