CVE-2006-1548 – struts:struts

Package

Manager: maven
Name: struts:struts
Vulnerable Version: >=0 <1.2.9

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.08769 pctl0.92175

Details

Cross-site scripting in Apache Struts Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Metadata

Created: 2022-05-01T06:50:42Z
Modified: 2022-06-07T23:11:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p3vw-fvwx-qcv5/GHSA-p3vw-fvwx-qcv5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p3vw-fvwx-qcv5
Finding: F008
Auto approve: 1