CVE-2005-3745 Information
Description
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string which is not properly quoted or filtered when the request handler generates an error message.
Reference
http://secunia.com/advisories/17677 http://secunia.com/advisories/18341 http://securityreason.com/securityalert/197 http://securitytracker.com/id?1015257 http://www.hacktics.com/AdvStrutsNov05.html http://www.osvdb.org/21021 http://www.redhat.com/support/errata/RHSA-2006-0157.html http://www.redhat.com/support/errata/RHSA-2006-0161.html http://www.securityfocus.com/archive/1/417296/30/0/threaded http://www.securityfocus.com/bid/15512 http://www.vupen.com/english/advisories/2005/2525
Share on: