CVE-2008-2025

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
apachestruts
1.0.2
apachestruts
1.1
apachestruts
1.2.4
apachestruts
1.2.7
apachestruts
1.2.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.1-java
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
libstruts1.2-java
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://osvdb.org/53380
http://secunia.com/advisories/34567
http://secunia.com/advisories/34642
http://support.novell.com/security/cve/CVE-2008-2025.html
https://bugzilla.novell.com/show_bug.cgi?id=385273
https://launchpad.net/bugs/cve/2008-2025
http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://osvdb.org/53380
http://secunia.com/advisories/34567
http://secunia.com/advisories/34642
http://support.novell.com/security/cve/CVE-2008-2025.html
https://bugzilla.novell.com/show_bug.cgi?id=385273
https://launchpad.net/bugs/cve/2008-2025