CVE-2008-2025

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 1.2.9-162.31.1 on SUSE Linux Enterprise 11 Apache Struts versions prior to 1.2.9-108.2 on SUSE openSUSE 10.3 Apache Struts versions prior to 1.2.9-198.2 on SUSE openSUSE 11.0 Apache Struts versions prior to 1.2.9-162.163.2 on SUSE openSUSE 11.1

Description The issue is related to a cross-site scripting (XSS) vulnerability due to insufficient quoting of parameters, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations For Apache Struts on SUSE Linux Enterprise 11, update to version 1.2.9-162.31.1 or later. For Apache Struts on SUSE openSUSE 10.3, update to version 1.2.9-108.2 or later. For Apache Struts on SUSE openSUSE 11.0, update to version 1.2.9-198.2 or later. For Apache Struts on SUSE openSUSE 11.1, update to version 1.2.9-162.163.2 or later.