Lucene search
+L
ApacheStruts

9 matches found

cve
cve
added 2012/02/07 2:0 a.m.122 views

CVE-2012-1007

CVE-2012-1007 is an XSS vulnerability in Apache Struts 1.3.10. The issue allows remote attackers to inject arbitrary scripts via (1) name in struts-examples/upload/upload-submit.do, or (2) message in struts-cookbook/processSimple.do, or (3) struts-cookbook/processDyna.do. The IBM/OSS sources iden...

4.3CVSS7.6AI score0.33937EPSS
Web
cve
cve
added 2009/04/09 3:0 p.m.97 views

CVE-2008-2025

CVE-2008-2025 is an XSS vulnerability in Apache Struts (prior to 1.2.9-162.31.1 on SUSE SLE 11, prior to 1.2.9-108.2 on SUSE openSUSE 10.3, prior to 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1) caused by insufficient quoting of parameters. Remote attackers ...

4.3CVSS6.6AI score0.07911EPSS
cve
cve
added 2006/03/30 10:0 p.m.95 views

CVE-2006-1548

CVE-2006-1548 is an XSS vulnerability in Apache Struts prior to 1.2.9. The flaw allows remote attackers to inject arbitrary script/HTML via the request parameter name in LookUpDispatchAction, and possibly DispatchAction and ActionDispatcher, with the error message not filtering the input. Connect...

4.3CVSS5.6AI score0.05328EPSS
cve
cve
added 2005/11/22 11:0 a.m.89 views

CVE-2005-3745

CVE-2005-3745 is an XSS vulnerability in Apache Struts 1.x (notably 1.2.7) where an attacker can inject arbitrary script/HTML via the query string in error messages due to improper quoting/ filtering. Connected documents corroborate multiple vendor advisories: Red Hat notes that Struts 1.2.8 fixe...

4.3CVSS5.7AI score0.25707EPSS
cve
cve
added 2012/02/07 2:0 a.m.80 views

CVE-2012-1006

CVE-2012-1006 refers to multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3. The flaws allow remote attackers to inject arbitrary web script or HTML via parameters in the Struts2 showcase applications: (1) name, (2) lastName to struts2-showcase/person/editPerson....

4.3CVSS5.6AI score0.58476EPSS
Web
cve
cve
added 2009/04/09 3:0 p.m.79 views

CVE-2007-6726

CVE-2007-6726 refers to multiple XSS vulnerabilities in Dojo 0.4.1 and 0.4.2 as used in Apache Struts and other products. The issues allow remote injection of arbitrary script/HTML via vectors involving xip_client.html and xip_server.html in src/io/. The NVD entry lists a MEDIUM severity (CVSSv2:...

4.3CVSS5.8AI score0.03447EPSS
cve
cve
added 2009/04/09 3:0 p.m.79 views

CVE-2008-6682

Apache Struts is affected by multiple cross-site scripting (XSS) vulnerabilities in 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1. The issue arises from improper handling of (1) double-quote characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag, ...

4.3CVSS5.7AI score0.05614EPSS
cve
cve
added 2013/11/02 9:0 p.m.78 views

CVE-2013-6348

CVE-2013-6348 refers to multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.x (specifically

4.3CVSS5.8AI score0.06125EPSS
Web
cve
cve
added 2011/05/13 5:0 p.m.60 views

CVE-2011-2087

CVE-2011-2087 affects the javatemplates (Java Templates) plugin in Apache Struts 2.x prior to 2.2.3. The issue is multiple XSS vulnerabilities in eight component handlers (FileHandler.java, HiddenHandler.java, PasswordHandler.java, RadioHandler.java, ResetHandler.java, SelectHandler.java, SubmitH...

4.3CVSS5.8AI score0.06127EPSS