PT-2009-1188 · Suse+1 · Opensuse+2

Published: 2009-04-09 · Updated: 2022-05-01 · CVE-2008-2025

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Struts versions prior to 1.2.9-162.31.1 on SUSE Linux Enterprise 11
Apache Struts versions prior to 1.2.9-108.2 on SUSE openSUSE 10.3
Apache Struts versions prior to 1.2.9-198.2 on SUSE openSUSE 11.0
Apache Struts versions prior to 1.2.9-162.163.2 on SUSE openSUSE 11.1

Description

A cross-site scripting (XSS) vulnerability caused by insufficient quoting of parameters allows remote attackers to inject arbitrary web script or HTML.

Recommendations

For Apache Struts on SUSE Linux Enterprise 11, update to version 1.2.9-162.31.1 or later.
For Apache Struts on SUSE openSUSE 10.3, update to version 1.2.9-108.2 or later.
For Apache Struts on SUSE openSUSE 11.0, update to version 1.2.9-198.2 or later.
For Apache Struts on SUSE openSUSE 11.1, update to version 1.2.9-162.163.2 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-2025
GHSA-WCGX-2HVX-5CWR

Affected Products

Apache Struts
Suse Linux Enterprise
Opensuse