CVE-2005-3745

Name of the Vulnerable Software and Affected Versions Apache Struts version 1.2.7

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the query string. This occurs because the query string is not properly quoted or filtered when the request handler generates an error message.

Recommendations For Apache Struts version 1.2.7, update to a version that properly quotes or filters the query string to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.