Moderate: Red Hat Security Advisory: RHAPS security and enhancement update

Red Hat Application Server Release 2 Update 1 is now available. This update contains an upgrade of several RHAPS components to newer releases, including JOnAS 4.6.3, Tomcat 5.5.12 and Struts 1.2.8. This update has been rated as having moderate security impact by the Red Hat Security Response Team...

security flaw

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

Low: Red Hat Security Advisory: struts security update for Red Hat Application Server

Updated Red Hat Application Server components are now available including a security update for Struts. This update has been rated as having low security impact by the Red Hat Security Response Team. Red Hat Application Server packages provide a J2EE Application Server and Web container as well a...

CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVE-2005-3745

CVE-2005-3745 is an XSS vulnerability in Apache Struts 1.x (notably 1.2.7) where an attacker can inject arbitrary script/HTML via the query string in error messages due to improper quoting/ filtering. Connected documents corroborate multiple vendor advisories: Red Hat notes that Struts 1.2.8 fixe...

Apache Struts 1.2.7 - Error Response Cross-Site Scripting

Apache Struts 1.2.7 - Error Response Cross-Site Scripting source: https://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...

[Full-disclosure] Security Advisory: Struts Error Message Cross Site Scripting

Background ========== Struts is an open source framework for building web applications. The core of the Struts framework is a flexible control layer based on standard technologies such as Java Servlets, JavaBeans, resource bundles, and the Extensible Markup Language XML. Struts can be used with...

Apache Struts 1.2.7 - Error Response Cross-Site Scripting

source: https://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...