UNKNOWN Maven
Apache Struts Cross-site scripting Vulnerability
GHSA-9cjh-qmvx-436c · CVE-2005-3745
Published · Modified
Description
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2005-3745
- WEB https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
- WEB https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
- WEB https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
- WEB https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
- WEB https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
- WEB https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
- WEB https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
- WEB http://www.redhat.com/support/errata/RHSA-2006-0157.html
- WEB http://www.redhat.com/support/errata/RHSA-2006-0161.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes