CVE-2005-3745

Apache Struts - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Irene Abezgauz · textremotemultiple

https://www.exploit-db.com/exploits/26542

View Code ZIP pw:eip

References (13)

[Exploit, Patch, Vendor Advisory] http://www.hacktics.com/AdvStrutsNov05.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0157.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0161.html

[Exploit, Patch] http://www.securityfocus.com/bid/15512

[Mailing List] https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/417296/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21021

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015257

[Third Party Advisory] http://secunia.com/advisories/17677

[Third Party Advisory] http://secunia.com/advisories/18341

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2525

[Third Party Advisory] http://securityreason.com/securityalert/197

Scores

EPSS 0.5907

EPSS Percentile 98.2%

Details

Status published

Products (2)

apache/struts 1.2.7

org.apache.struts/struts-core 0Maven

Published Nov 22, 2005

Tracked Since Feb 18, 2026