Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Cross-site scripting in Apache Struts
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
Permalink: https://github.com/advisories/GHSA-p3vw-fvwx-qcv5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-p3vw-fvwx-qcv5, CVE-2006-1548
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-1548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25614
- https://github.com/advisories/GHSA-p3vw-fvwx-qcv5
Affected Packages
maven:struts:struts
Dependent packages: 107
Dependent repositories: 540
Downloads:
Affected Version Ranges: < 1.2.9
Fixed in: 1.2.9
All affected versions: 1.0.2, 1.2.2, 1.2.4, 1.2.7, 1.2.8
All unaffected versions: 1.2.9