CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Apache Struts is vulnerable to cross-site scripting. Lack of input validation and sanitization on the query string allows a remote attacker to inject arbitrary JavaScript into a victim’s browser when the request handler generates an error message.
secunia.com/advisories/17677
secunia.com/advisories/18341
securityreason.com/securityalert/197
securitytracker.com/id?1015257
www.hacktics.com/AdvStrutsNov05.html
www.osvdb.org/21021
www.redhat.com/support/errata/RHSA-2006-0157.html
www.redhat.com/support/errata/RHSA-2006-0161.html
www.securityfocus.com/archive/1/417296/30/0/threaded
www.securityfocus.com/bid/15512
www.vupen.com/english/advisories/2005/2525
github.com/apache/struts1/commit/d75d351da0f85b8930fd47fd3c23f5351cddbcf3
lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E