CVE-2006-1548 Information
Description
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
Reference
http://issues.apache.org/bugzilla/show_bug.cgi?id=38749
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://secunia.com/advisories/19493
http://secunia.com/advisories/20117
http://securitytracker.com/id?1015856
http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
http://www.securityfocus.com/bid/17342
http://www.vupen.com/english/advisories/2006/1205
https://exchange.xforce.ibmcloud.com/vulnerabilities/25614
https://issues.apache.org/struts/browse/STR-2781