Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05Y2poLXFtdngtNDM2Y813FQ
Apache Struts Cross-site scripting Vulnerability
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Permalink: https://github.com/advisories/GHSA-9cjh-qmvx-436cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y2poLXFtdngtNDM2Y813FQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-9cjh-qmvx-436c, CVE-2005-3745
References:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3745
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
- http://www.redhat.com/support/errata/RHSA-2006-0157.html
- http://www.redhat.com/support/errata/RHSA-2006-0161.html
- https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
- https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
- https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
- https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
- https://github.com/advisories/GHSA-9cjh-qmvx-436c
Affected Packages
maven:org.apache.struts:struts-core
Dependent packages: 84Dependent repositories: 632
Downloads:
Affected Version Ranges: <= 1.2.7
No known fixed version
All affected versions: