Lucene search
MitreCVELIST:CVE-2008-6682HistoryApr 09, 2009 - 3:00 p.m.
CVE-2008-6682
2009-04-0915:00:00
mitre
www.cve.org
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
References
www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
www.securityfocus.com/bid/34686
issues.apache.org/struts/browse/WW-2414
issues.apache.org/struts/browse/WW-2427
Related
github
github
Apache Struts is vulnerable to Cross-site Scripting
2022-05-17 05:52:45
cve
cve
CVE-2008-6682
2009-04-09 15:08:35
openvas
openvas
Apache Struts Cross Site Scripting Vulnerability
2009-04-23 00:00:00
Apache Struts Security Update (S2-002, S2-003)
2009-04-23 00:00:00
prion
prion
Cross site scripting
2009-04-09 15:08:00
nvd
nvd
CVE-2008-6682
2009-04-09 15:08:35
veracode
veracode
Cross-site Scripting (XSS)
2018-11-09 05:08:17
nessus
nessus
Apache Struts 2 s:a / s:url Tag href Element XSS
2009-04-29 00:00:00
osv
osv
Apache Struts is vulnerable to Cross-site Scripting
2022-05-17 05:52:45