Lucene search

Veracode Vulnerability DatabaseVERACODE:7731

HistoryNov 09, 2018 - 7:16 a.m.

Cross-site Scripting (XSS)

2018-11-0907:16:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

struts is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper validation of JavaScript tags, allowing XSS attacks.

CPENameOperatorVersion
strutsle1.2.8

CPE	Name	Operator	Version
	struts	le	1.2.8

References

download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml

lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

osvdb.org/53380

secunia.com/advisories/34567

secunia.com/advisories/34642

support.novell.com/security/cve/CVE-2008-2025.html

bugzilla.novell.com/show_bug.cgi?id=385273

launchpad.net/bugs/cve/2008-2025

www.suse.com/security/cve/CVE-2008-2025.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:7731