Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-10688)

Description

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP-Forum Multiple SQL Injection Vulnerabilities (1.7.8)

Wordpress Plugin Backup Migration Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-7002)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0325)

WordPress Plugin Site Reviews CSV Injection (6.2.0)

Jenkins Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-43497)

Severity

Medium

Classification

CVE-2020-10688 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities