1986 matches found
security flaw
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
security flaw
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
CVE-2005-3745 is an XSS vulnerability in Apache Struts 1.x (notably 1.2.7) where an attacker can inject arbitrary script/HTML via the query string in error messages due to improper quoting/ filtering. Connected documents corroborate multiple vendor advisories: Red Hat notes that Struts 1.2.8 fixe...
Apache Struts 1.2.7 - Error Response Cross-Site Scripting
source: https://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...