CVE-2005-3745 – org.apache.struts:struts-core

Package

Manager: maven
Name: org.apache.struts:struts-core
Vulnerable Version: >=0 <=1.2.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.55839 pctl0.98014

Details

Apache Struts Cross-site scripting Vulnerability Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Metadata

Created: 2022-05-01T02:20:38Z
Modified: 2023-09-18T23:52:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9cjh-qmvx-436c/GHSA-9cjh-qmvx-436c.json
CWE IDs: ["CWE-80"]
Alternative ID: GHSA-9cjh-qmvx-436c
Finding: F063
Auto approve: 1