Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3745: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Apache Struts

Severity: 4.3 MEDIUM (NVD)
EPSS: 59.1% (top 1.77%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Nov 22
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/struts 1.2.7

Patches

🔴 Vulnerability Details (3)

OSV: Apache Struts Cross-site scripting Vulnerability (2022-05-01)
GHSA: Apache Struts Cross-site scripting Vulnerability (2022-05-01)
CVEList: CVE-2005-3745: Cross-site scripting (XSS) vulnerability in Apache Struts 1 (2005-11-22)

💥 Exploits & PoCs (1)

Exploit-DB: Apache Struts 1.2.7 - Error Response Cross-Site Scripting (2005-11-21)

📋 Vendor Advisories (1)

Red Hat: security flaw (2005-11-21)

💬 Community (3)

Bugzilla: CVE-2005-3745 security flaw (2018-08-16)
Bugzilla: CVE-2005-3745 struts cross site scripting flaw (2005-11-22)
Bugzilla: CVE-2005-3745 struts cross site scripting flaw (2005-11-22)
CVE-2005-3745 — Apache Struts vulnerability | cvebase