Lucene search

Veracode Vulnerability DatabaseVERACODE:7780

HistoryNov 14, 2018 - 12:27 a.m.

Cross-Site Scripting (XSS)

2018-11-1400:27:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Apache Struts is vulnerable to cross-site scripting. Lack of input validation and sanitization on the query string allows a remote attacker to inject arbitrary Javascript into a victim’s browser when the reuest handler generates an error message.

CPENameOperatorVersion
strutsle1.1
strutsle1.2.7

CPE	Name	Operator	Version
	struts	le	1.1
	struts	le	1.2.7

References

secunia.com/advisories/17677

secunia.com/advisories/18341

securityreason.com/securityalert/197

securitytracker.com/id?1015257

www.hacktics.com/AdvStrutsNov05.html

www.osvdb.org/21021

www.redhat.com/support/errata/RHSA-2006-0157.html

www.redhat.com/support/errata/RHSA-2006-0161.html

www.securityfocus.com/archive/1/417296/30/0/threaded

www.securityfocus.com/bid/15512

www.vupen.com/english/advisories/2005/2525

github.com/apache/struts1/commit/d75d351da0f85b8930fd47fd3c23f5351cddbcf3

lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:7780