Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13Y2d4LTJodngtNWN3cs216w
Apache Struts Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
Permalink: https://github.com/advisories/GHSA-wcgx-2hvx-5cwrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y2d4LTJodngtNWN3cs216w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 3 months ago
Identifiers: GHSA-wcgx-2hvx-5cwr, CVE-2008-2025
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-2025
- https://bugzilla.novell.com/show_bug.cgi?id=385273
- https://launchpad.net/bugs/cve/2008-2025
- http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://support.novell.com/security/cve/CVE-2008-2025.html
- https://web.archive.org/web/20090410082732/http://secunia.com/advisories/34642
- https://web.archive.org/web/20090411051126/http://secunia.com/advisories/34567
- https://github.com/advisories/GHSA-wcgx-2hvx-5cwr
Affected Packages
maven:struts:struts
Dependent packages: 107Dependent repositories: 540
Downloads:
Affected Version Ranges: < 1.2.9-162.31.1
Fixed in: 1.2.9-162.31.1
All affected versions: 1.0.2, 1.2.2, 1.2.4, 1.2.7, 1.2.8
All unaffected versions: 1.2.9