GHSA-9cjh-qmvx-436c

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9cjh-qmvx-436c/GHSA-9cjh-qmvx-436c.json

Aliases

CVE-2005-3745

Published

2022-05-01T02:20:38Z

Modified

2023-09-18T23:52:44Z

Details

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

References

https://nvd.nist.gov/vuln/detail/CVE-2005-3745
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
http://www.redhat.com/support/errata/RHSA-2006-0157.html
http://www.redhat.com/support/errata/RHSA-2006-0161.html

Affected packages

Maven / org.apache.struts:struts-core

Source Details

Package Name: org.apache.struts:struts-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

1.2.7

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}