Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1814974
https://github.com/quarkusio/quarkus/issues/7248
https://issues.redhat.com/browse/RESTEASY-2519
https://security.netapp.com/advisory/ntap-20210706-0008/
Related Vulnerabilities
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins
CVE-2022-39386 Vulnerability in npm package fastify-websocket
CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin
CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap
CVE-2022-24278 Vulnerability in npm package convert-svg-core