PT-2009-2151 · Apache · Apache Struts

Published: 2009-04-09 · Updated: 2022-05-17 · CVE-2008-6682

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Struts versions 2.0.x before 2.0.11.1
Apache Struts versions 2.1.x before 2.1.1

Description

Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML. They are caused by improper handling of the href attribute of an s:a tag, specifically double quote characters, and of parameters in the action attribute of an s:url tag.

Recommendations

For Apache Struts versions 2.0.x before 2.0.11.1, update to version 2.0.11.1 or later.
For Apache Struts versions 2.1.x before 2.1.1, update to version 2.1.1 or later.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2008-6682
GHSA-JGCR-9C2Q-RVP8

Affected products

Apache Struts