GHSA-wcgx-2hvx-5cwr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wcgx-2hvx-5cwr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wcgx-2hvx-5cwr/GHSA-wcgx-2hvx-5cwr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wcgx-2hvx-5cwr
- Aliases
-
- CVE-2008-2025
- Published
- 2022-05-01T23:46:00Z
- Modified
- 2024-12-05T05:35:08.394103Z
- Summary
- Apache Struts Cross-site Scripting vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
- Database specific
{ "nvd_published_at": "2009-04-09T15:08:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-09T16:02:15Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-2025
- https://bugzilla.novell.com/show_bug.cgi?id=385273
- https://github.com/apache/struts
- https://launchpad.net/bugs/cve/2008-2025
- https://web.archive.org/web/20090410082732/http://secunia.com/advisories/34642
- https://web.archive.org/web/20090411051126/http://secunia.com/advisories/34567
- http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://support.novell.com/security/cve/CVE-2008-2025.html
Affected packages
Maven / struts:struts
Package
- Name
- struts:struts
- View open source insights on deps.dev
- Purl
- pkg:maven/struts/struts