CVE-2007-6726
Apache Struts Dojo Plugin XSS Vulnerability
EPSS 1.7%
Description
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) `xip_client.html` and (2) `xip_server.html` in `src/io/`.
How to fix CVE-2007-6726
To remediate CVE-2007-6726, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.struts:struts2-dojo-plugin: upgrade to 0.4.3 or later
Is CVE-2007-6726 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.struts:struts2-dojo-plugin: >= 0.4.1, < 0.4.3