quarkus-vertx-http is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library’s form authentication session cookie path attribute is set to /
, which allows an attacker to redirect malicious URLs, resulting in information disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
quarkus - vert.x - http - runtime | le | 2.13.6.Final | |
quarkus - vert.x - http - runtime | le | 2.13.6.Final |