CVE-2005-3745 – Apache Struts 1.2.7 - Error Response Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apache Struts 1.2.7, y posiblemente otras versiones, permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante la cadena de consulta, que no es entrecomillada o filtrada adecuadamente cuando el manejador de peticiones genera un mensaje de error. • https://www.exploit-db.com/exploits/26542 http://secunia.com/advisories/17677 http://secunia.com/advisories/18341 http://securityreason.com/securityalert/197 http://securitytracker.com/id?1015257 http://www.hacktics.com/AdvStrutsNov05.html http://www.osvdb.org/21021 http://www.redhat.com/support/errata/RHSA-2006-0157.html http://www.redhat.com/support/errata/RHSA-2006-0161.html http://www.securityfocus.com/archive/1/417296/30/0/threaded http://www.securityfocus.com/bid/ •