Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS05Y2poLXFtdngtNDM2Y813FQ

Apache Struts Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Permalink: https://github.com/advisories/GHSA-9cjh-qmvx-436c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y2poLXFtdngtNDM2Y813FQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago

EPSS Percentage: 0.00297
EPSS Percentile: 0.68926

Identifiers: GHSA-9cjh-qmvx-436c, CVE-2005-3745
References:

• https://nvd.nist.gov/vuln/detail/CVE-2005-3745
• https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
• https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
• http://www.redhat.com/support/errata/RHSA-2006-0157.html
• http://www.redhat.com/support/errata/RHSA-2006-0161.html
• https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
• https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
• https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
• https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
• https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
• https://github.com/advisories/GHSA-9cjh-qmvx-436c

Blast Radius: 0.0

Affected Packages