Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Struts | 2.0.6 |
Related Weaknesses (CWE)
References
- http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3CPatch
- http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3CPatch
- http://www.securityfocus.com/bid/34686
- https://issues.apache.org/struts/browse/WW-2414Vendor Advisory
- https://issues.apache.org/struts/browse/WW-2427Vendor Advisory
- http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3CPatch
- http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3CPatch
- http://www.securityfocus.com/bid/34686
- https://issues.apache.org/struts/browse/WW-2414Vendor Advisory
- https://issues.apache.org/struts/browse/WW-2427Vendor Advisory
FAQ
What is CVE-2008-6682?
CVE-2008-6682 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated w...
How severe is CVE-2008-6682?
CVE-2008-6682 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6682?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts.