WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2006-1548 Vulnerability in maven package struts:struts

Description

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Remediation

References

http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

http://issues.apache.org/bugzilla/show_bug.cgi?id=38749

http://www.securityfocus.com/bid/17342

http://securitytracker.com/id?1015856

http://secunia.com/advisories/19493

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

http://secunia.com/advisories/20117

https://issues.apache.org/struts/browse/STR-2781

http://www.vupen.com/english/advisories/2006/1205

https://exchange.xforce.ibmcloud.com/vulnerabilities/25614

Related Vulnerabilities

CVE-2017-20160 Vulnerability in npm package express-param

CVE-2022-34298 Vulnerability in maven package org.openidentityplatform.openam:openam-auth-nt

CVE-2022-23541 Vulnerability in maven package org.webjars.npm:jsonwebtoken

CVE-2020-4077 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-29229 Vulnerability in npm package cassproject

Severity

Critical

Tags