CVE-2020-10688

CWE-79 — Cross-site Scripting (XSS)11 documents8 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 55.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Resteasy Redhat Fuse Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 27

Latest updateJul 10

Description

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages8 packages

▶NVDredhat/resteasy4.5.0 — 4.5.3+1

▶Mavenorg.jboss.resteasy:resteasy-bom4.0.0 — 4.5.3.Final+1

▶Mavenorg.jboss.resteasy:resteasy-core4.0.0 — 4.5.3.Final+1

▶Ubunturesteasy< 3.6.2-2ubuntu0.20.04.1~esm1+2

▶Debianresteasy3.0< 3.0.26-4+2

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

resteasy vulnerabilities↗2025-03-13

▶

OSV

Cross-site scripting in RESTEasy↗2021-06-15

▶

GHSA

Cross-site scripting in RESTEasy↗2021-06-15

▶

CVEList

CVE-2020-10688: A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3↗2021-05-27

▶

OSV

CVE-2020-10688: A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3↗2021-05-27

▶

📋Vendor Advisories

Ubuntu

RESTEasy vulnerabilities↗2025-07-10

▶

Ubuntu

RESTEasy vulnerabilities↗2025-03-13

▶

Red Hat

RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack↗2020-02-18

▶

Debian

CVE-2020-10688: resteasy - A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11....↗2020

▶

💬Community

Bugzilla

CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack↗2020-03-19

▶