CVE-2005-3745

EPSS 59.1%

Apache Struts Cross-site scripting Vulnerability

Published: 5/1/2022Modified: 11/8/2023

Description

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Affected packages (1)

Maven/org.apache.struts:struts-corefrom 0, <= 1.2.7

References (10)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2005-3745
WEBhttps://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
WEBhttps://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
WEBhttps://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
WEBhttps://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
WEBhttps://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
WEBhttps://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
WEBhttps://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
WEBhttp://www.redhat.com/support/errata/RHSA-2006-0157.html
WEBhttp://www.redhat.com/support/errata/RHSA-2006-0161.html