CVE-2005-3745 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Affected Software

Name	Vendor	Start Version	End Version
Struts	Apache	1.2.7 (including)	1.2.7 (including)
Libstruts1.2-java	Ubuntu	dapper	*
Libstruts1.2-java	Ubuntu	devel	*
Libstruts1.2-java	Ubuntu	edgy	*
Libstruts1.2-java	Ubuntu	feisty	*
Red Hat Application Server 3AS	RedHat		*
Red Hat Application Server v2 4AS	RedHat		*

References

http://secunia.com/advisories/17677
http://secunia.com/advisories/18341
http://securityreason.com/securityalert/197
http://securitytracker.com/id?1015257
http://www.hacktics.com/AdvStrutsNov05.html
http://www.osvdb.org/21021
http://www.redhat.com/support/errata/RHSA-2006-0157.html
http://www.redhat.com/support/errata/RHSA-2006-0161.html
http://www.securityfocus.com/archive/1/417296/30/0/threaded
http://www.securityfocus.com/bid/15512
http://www.vupen.com/english/advisories/2005/2525
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3745
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html