CVE-2008-6682
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
1.43
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2008-6682 are fixed in Apache-struts2-core 2.0.11.1 | Windows |
| Vulnerabilities CVE-2008-6682 are fixed in Apache-struts2-core 2.1.1 | Windows |
| Vulnerabilities CVE-2008-6682 are fixed in Apache-structs2-core for Linux 2.0.11.1 | Linux |
| Vulnerabilities CVE-2008-6682 are fixed in Apache-structs2-core for Linux 2.1.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234