Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1814974
https://github.com/quarkusio/quarkus/issues/7248
https://issues.redhat.com/browse/RESTEASY-2519
https://security.netapp.com/advisory/ntap-20210706-0008/
Related Vulnerabilities
CVE-2023-26149 Vulnerability in maven package org.webjars.npm:quill-mention
CVE-2022-25867 Vulnerability in maven package io.socket:socket.io-client
CVE-2019-14820 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2023-24815 Vulnerability in maven package io.vertx:vertx-web
CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core