A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. | |
| Title | Jastow: jastow cross-site scripting attack due to unsanitized uri | |
| First Time appeared |
Redhat
Redhat jboss Enterprise Application Platform Redhat jbosseapxp Redhat red Hat Single Sign On |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Vendors & Products |
Redhat
Redhat jboss Enterprise Application Platform Redhat jbosseapxp Redhat red Hat Single Sign On |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-07T16:18:57.555Z
Reserved: 2025-11-06T11:15:12.378Z
Link: CVE-2025-12799
No data.
No data.
No data.
OpenCVE Enrichment
No data.