PT-2020-6957 · Red Hat+4 · Resteasy+4

Published: 2020-03-19 · Updated: 2025-08-07 · CVE-2020-10688

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
RESTEasy versions prior to 3.11.1.Final
RESTEasy versions prior to 4.5.3.Final

Description
A cross-site scripting (XSS) flaw was found in RESTEasy: it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. The issue stems from the lack of protection measures for the web page structure (no output encoding of the reflected value), which allows a remote attacker to conduct XSS attacks.

Recommendations
For versions prior to 3.11.1.Final, update to version 3.11.1.Final or later. For versions prior to 4.5.3.Final, update to version 4.5.3.Final or later. As a temporary workaround, consider disabling the RESTEASY003870 exception handling until a patch is available.

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2024-01096
CVE-2020-10688
GHSA-29QJ-RVV6-QRMV
OESA-2021-1231
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
USN-7351-1
USN-7630-1

Affected Products

Debian
Linuxmint
Resteasy
Red Os
Ubuntu