WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2006-1548 Vulnerability in maven package struts:struts

Description

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Remediation

References

http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

http://issues.apache.org/bugzilla/show_bug.cgi?id=38749

http://www.securityfocus.com/bid/17342

http://securitytracker.com/id?1015856

http://secunia.com/advisories/19493

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

http://secunia.com/advisories/20117

https://issues.apache.org/struts/browse/STR-2781

http://www.vupen.com/english/advisories/2006/1205

https://exchange.xforce.ibmcloud.com/vulnerabilities/25614

Related Vulnerabilities

CVE-2021-23346 Vulnerability in maven package org.webjars.npm:html-parse-stringify2

CVE-2023-26055 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2021-43861 Vulnerability in npm package mermaid

CVE-2014-3596 Vulnerability in maven package axis:axis

CVE-2011-1419 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

Critical

Tags

NVD-CWE-Other