PT-2006-2548 · Apache · Apache Struts

Published 2006-03-30 · Updated 2022-05-01 · CVE-2006-1548

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 1.2.9
Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. This affects components such as LookupDispatchAction, DispatchAction, and ActionDispatcher.
Recommendations: For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider filtering or validating user input for the parameter name to prevent injection of malicious scripts. Restrict access to error messages that may contain user-input data to minimize the risk of exploitation.
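As an added illustration (not Apache Struts source code), the pattern described above beside its hardening: a dispatcher that selects a handler by the value of a request parameter and, when the value matches no handler, either reflects it raw into the error message or HTML-escapes it first. The class, method and handler names are hypothetical.

```java
import java.util.Map;
import java.util.function.Supplier;

// Added illustration, not Apache Struts source: a minimal dispatcher that selects
// a handler by the value of a request parameter, in the style of DispatchAction.
// Class, method and handler names are hypothetical.
public class DispatchExample {
    // Handlers keyed by the names a request is allowed to ask for.
    private final Map<String, Supplier<String>> handlers =
        Map.of("save", () -> "saved", "delete", () -> "deleted");

    // Vulnerable pattern: the unvalidated request value is concatenated into an
    // error message that the framework later renders as HTML, so angle brackets
    // and quotes in the value reach the browser verbatim.
    public String dispatchUnsafe(String methodName) {
        Supplier<String> h = handlers.get(methodName);
        if (h == null) {
            return "Action does not contain method named '" + methodName + "'";
        }
        return h.get();
    }

    // Hardened pattern: the lookup already restricts execution to known handler
    // names; anything echoed back is HTML-escaped so the browser shows it as text.
    public String dispatchSafe(String methodName) {
        Supplier<String> h = handlers.get(methodName);
        if (h == null) {
            return "Action does not contain method named '" + escapeHtml(methodName) + "'";
        }
        return h.get();
    }

    // Escape the characters that can break out of an HTML text or attribute context.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

A value containing `<` or `"` comes back from dispatchSafe() with those characters encoded, while dispatchUnsafe() returns them unchanged; the safest variant omits the user-supplied value from the message entirely, as the recommendations above suggest.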

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2006-1548
GHSA-P3VW-FVWX-QCV5

Affected Products

Apache Struts