CVE-2008-6682

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

🔗 References (10)

cve@mitrehttp://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
cve@mitrehttp://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
cve@mitrehttp://www.securityfocus.com/bid/34686
cve@mitrehttps://issues.apache.org/struts/browse/WW-2414
cve@mitrehttps://issues.apache.org/struts/browse/WW-2427
af854a3a-2127-422b-91ae-364da2661108http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
af854a3a-2127-422b-91ae-364da2661108http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34686
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/struts/browse/WW-2414
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/struts/browse/WW-2427

Is Your Infrastructure Affected by CVE-2008-6682?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-6682

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-6682?