CVE-2020-10688
Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.222
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10688 are fixed in JBoss-resteasy-core 3.11.1 | Windows |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss-resteasy-core 4.5.3 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.4 | Windows |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss - resteasy-bom 3.11.1 | Windows |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss - resteasy-bom 4.5.3 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 2.3 | Windows |
| RESTEasy -- Framework for RESTful Web services and Java applications (USN-7351-1) libresteasy-java_3.6.2-2ubuntu0.24.10.1_all.deb | Linux |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss-resteasy-core for Linux 3.11.1 | Linux |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss-resteasy-core for Linux 4.5.3 | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy-java_3.6.2-3ubuntu0.25.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-3ubuntu0.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.10.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.25.04.1_all.deb | Linux |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss - resteasy-bom for Linux 3.11.1 | Linux |
| Vulnerabilities CVE-2020-10688 are fixed in JBoss - resteasy-bom for Linux 4.5.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234