DEBIAN-CVE-2020-10688

DEBIAN-CVE-2020-10688 PUBLISHED CVSS 6.099999904632568 MEDIUM

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:13	resteasy3.0	0, 0, 0
Debian:11	resteasy3.0	3.0.26-5, 3.0.26-2, 3.0.26-4
Debian:14	resteasy3.0	0, 0, 0
Debian:12	resteasy3.0	0, 0, 0

Timeline

May 27, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-10688 advisory

Open in Interactive Console →