CVE-2006-1548 — Cross-site Scripting in Apache Struts

CWE-79 — Cross-site Scripting9 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

8.8%

top 7.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Struts

Timeline

PublishedMar 30

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/struts1.2.8

🔴Vulnerability Details

GHSA

Cross-site scripting in Apache Struts↗2022-05-01

▶

OSV

Cross-site scripting in Apache Struts↗2022-05-01

▶

CVEList

CVE-2006-1548: Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Found↗2006-03-30

▶

📋Vendor Advisories

Red Hat

struts LookupDispatchAction XSS↗2006-03-22

▶

💬Community

Bugzilla

CVE-2006-1548 struts LookupDispatchAction XSS↗2008-01-28

▶

Bugzilla

CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548)↗2006-08-15

▶

Bugzilla

CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548)↗2006-03-31

▶

Bugzilla

CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548)↗2006-03-31

▶