CVE-2008-6682
Apache Struts is affected by multiple cross-site scripting (XSS) vulnerabilities in 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1. The issue arises from improper handling of (1) double-quote characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag, ...