OSV:GHSA-M3X6-9V6H-4G28 (Google, osv)
History: May 14, 2022 - 1:57 a.m.

Cross-site Scripting in Apache Struts

2022-05-14 01:57:01
Google
osv.dev
cross-site scripting
apache struts
jre 1.8
urldecoder
vulnerability
multi-byte characters
web script
html
remote attackers
single byte page encoding
software

EPSS: 0.027

Percentile: 90.7%

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single-byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a URL-encoded parameter.
