Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Improper Input Validation Vulnerability (CVE-2020-10693)

Description

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Statistics Cross-Site Scripting (13.2.1)

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)

WordPress Plugin The Plus Addons for Elementor Cross-Site Scripting (4.1.11)

WordPress Plugin The Post Grid-Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Cross-Site Request Forgery (5.0.4)

Severity

Medium

Classification

CVE-2020-10693 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities