Lucene search
PRIOn knowledge basePRION:CVE-2008-6682HistoryApr 09, 2009 - 3:08 p.m.
Cross site scripting
2009-04-0915:08:00
PRIOn knowledge base
www.prio-n.com
6
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
References
www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
www.securityfocus.com/bid/34686
issues.apache.org/struts/browse/WW-2414
issues.apache.org/struts/browse/WW-2427
Related
github
github
Apache Struts is vulnerable to Cross-site Scripting
2022-05-17 05:52:45
cve
cve
CVE-2008-6682
2009-04-09 15:08:35
openvas
openvas
Apache Struts Cross Site Scripting Vulnerability
2009-04-23 00:00:00
Apache Struts Security Update (S2-002, S2-003)
2009-04-23 00:00:00
nvd
nvd
CVE-2008-6682
2009-04-09 15:08:35
veracode
veracode
Cross-site Scripting (XSS)
2018-11-09 05:08:17
cvelist
cvelist
CVE-2008-6682
2009-04-09 15:00:00
nessus
nessus
Apache Struts 2 s:a / s:url Tag href Element XSS
2009-04-29 00:00:00
osv
osv
Apache Struts is vulnerable to Cross-site Scripting
2022-05-17 05:52:45