CVE-2008-6682

2009-04-0915:08:35

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6682

apache struts

xss

cross-site scripting

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

Affected configurations

NVD

Node

apachestrutsMatch2.0.6

apachestrutsMatch2.0.8

apachestrutsMatch2.0.9

apachestrutsMatch2.0.11

apachestrutsMatch2.1

CPENameOperatorVersion
apache:strutsapache strutseq2.0.6
apache:strutsapache strutseq2.0.8
apache:strutsapache strutseq2.0.9
apache:strutsapache strutseq2.0.11
apache:strutsapache strutseq2.1

CPE	Name	Operator	Version
apache:struts	apache struts	eq	2.0.6
apache:struts	apache struts	eq	2.0.8
apache:struts	apache struts	eq	2.0.9
apache:struts	apache struts	eq	2.0.11
apache:struts	apache struts	eq	2.1