CVE-2016-6347
Description
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.093
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-6345,CVE-2016-6348,CVE-2016-6347 are fixed in JBoss-resteasy-client 3.0.20 | Windows |
| Vulnerabilities CVE-2016-6345,CVE-2016-6347 are fixed in JBoss-resteasy-client 3.1.0 | Windows |
| Vulnerabilities CVE-2016-6345,CVE-2016-6348,CVE-2016-6347 are fixed in JBoss-resteasy-client for Linux 3.0.20 | Linux |
| Vulnerabilities CVE-2016-6345,CVE-2016-6347 are fixed in JBoss-resteasy-client for Linux 3.1.0 | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy-java_3.6.2-3ubuntu0.25.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-3ubuntu0.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.10.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.25.04.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234