2549 matches found
security flaw
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
Low: Red Hat Security Advisory: struts security update for Red Hat Application Server
Updated Red Hat Application Server components are now available including a security update for Struts. This update has been rated as having low security impact by the Red Hat Security Response Team. Red Hat Application Server packages provide a J2EE Application Server and Web container as well a...
security flaw
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3745
CVE-2005-3745 is an XSS vulnerability in Apache Struts 1.x (notably 1.2.7) where an attacker can inject arbitrary script/HTML via the query string in error messages due to improper quoting/ filtering. Connected documents corroborate multiple vendor advisories: Red Hat notes that Struts 1.2.8 fixe...
Apache Struts 1.2.7 - Error Response Cross-Site Scripting
Apache Struts 1.2.7 - Error Response Cross-Site Scripting source: https://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
[Full-disclosure] Security Advisory: Struts Error Message Cross Site Scripting
Background ========== Struts is an open source framework for building web applications. The core of the Struts framework is a flexible control layer based on standard technologies such as Java Servlets, JavaBeans, resource bundles, and the Extensible Markup Language XML. Struts can be used with...
Apache Struts 1.2.7 - Error Response Cross-Site Scripting
source: https://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...