GHSA-rm26-w253-9qv7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rm26-w253-9qv7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rm26-w253-9qv7/GHSA-rm26-w253-9qv7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rm26-w253-9qv7
- Aliases
-
- CVE-2007-6726
- Published
- 2022-05-01T18:45:52Z
- Modified
- 2023-11-08T03:56:49.657156Z
- Summary
- Apache Struts Dojo Plugin XSS Vulnerability
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1)
xip_client.htmland (2)xip_server.htmlinsrc/io/. - Database specific
{ "nvd_published_at": "2009-04-09T15:08:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-09-22T21:55:23Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-6726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
- https://github.com/apache/struts-archive/blob/master/plugins/struts2-dojo-plugin
- https://issues.apache.org/struts/browse/WW-2134
- http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
- http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
- http://www.dojotoolkit.org/releaseNotes/0.4.3
- http://www.securityfocus.com/bid/34660
Affected packages
Maven / org.apache.struts:struts2-dojo-plugin
Package
- Name
- org.apache.struts:struts2-dojo-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts/struts2-dojo-plugin