Lucene search

K

Veracode Vulnerability DatabaseVERACODE:7787

HistoryNov 14, 2018 - 2:37 a.m.

Cross-Site Scripting (XSS)

2018-11-1402:37:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

0.015 Low

EPSS

Percentile

86.8%

Apache Struts is vulnerable to cross-site scripting. A lack of validation in the parameter name allows a remote attacker to inject arbitrary Javascript through an error message. The vulnerability affects LookupDispatchAction, DispatchAction and ActionDispatcher.

CPENameOperatorVersion
strutsle1.2.8

References

issues.apache.org/bugzilla/show_bug.cgi?id=38749

lists.suse.com/archive/suse-security-announce/2006-May/0004.html

secunia.com/advisories/19493

secunia.com/advisories/20117

securitytracker.com/id?1015856

struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

www.securityfocus.com/bid/17342

www.vupen.com/english/advisories/2006/1205

bugzilla.redhat.com/show_bug.cgi?id=430531

exchange.xforce.ibmcloud.com/vulnerabilities/25614

issues.apache.org/struts/browse/STR-2781

0.015 Low

EPSS

Percentile

86.8%

Related for VERACODE:7787

osv1 ubuntucve1 prion1 nvd1 cve1 cvelist1 github1 openvas2 redhat1 ibm1