vulnerability
Red Hat JBoss EAP: CVE-2020-10688: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 18, 2020 | Sep 19, 2024 | Jul 2, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 18, 2020
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.. A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2020-10688
- https://attackerkb.com/topics/CVE-2020-10688
- URL-https://access.redhat.com/security/cve/CVE-2020-10688
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1814974
- URL-https://github.com/quarkusio/quarkus/issues/7248
- URL-https://issues.redhat.com/browse/RESTEASY-2519
- URL-https://access.redhat.com/errata/RHSA-2020:2511
- URL-https://access.redhat.com/errata/RHSA-2020:2512
- URL-https://access.redhat.com/errata/RHSA-2020:2513
- URL-https://access.redhat.com/errata/RHSA-2020:2515
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.