CVE-2008-2025: XSS
First published: Thu Apr 09 2009(Updated: )
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/struts:struts | <1.2.9-162.31.1 | 1.2.9-162.31.1 |
| All of | ||
| Any of | ||
| Apache Struts | =1.0.2 | |
| Apache Struts | =1.1 | |
| Apache Struts | =1.2.4 | |
| Apache Struts | =1.2.7 | |
| Apache Struts | =1.2.8 | |
| Any of | ||
| Novell Suse Linux | =11 | |
| openSUSE openSUSE | =10.3 | |
| openSUSE openSUSE | =11.0 | |
| openSUSE openSUSE | =11.1 | |
| Apache Struts | =1.0.2 | |
| Apache Struts | =1.1 | |
| Apache Struts | =1.2.4 | |
| Apache Struts | =1.2.7 | |
| Apache Struts | =1.2.8 | |
| Novell Suse Linux | =11 | |
| openSUSE openSUSE | =10.3 | |
| openSUSE openSUSE | =11.0 | |
| openSUSE openSUSE | =11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
- https://launchpad.net/bugs/cve/2008-2025
- https://bugzilla.novell.com/show_bug.cgi?id=385273
- http://support.novell.com/security/cve/CVE-2008-2025.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://secunia.com/advisories/34642
- http://osvdb.org/53380
- http://secunia.com/advisories/34567
- https://nvd.nist.gov/vuln/detail/CVE-2008-2025
- https://web.archive.org/web/20090410082732/http://secunia.com/advisories/34642
- https://web.archive.org/web/20090411051126/http://secunia.com/advisories/34567
- https://github.com/advisories/GHSA-wcgx-2hvx-5cwr (Advisory)
- collector/nvd-historical
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wcgx-2hvx-5cwr
- alias/CVE-2008-2025
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/github-advisory
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/trending
- package-manager/maven
- vendor/apache
- canonical/apache struts
- version/apache struts/1.0.2
- version/apache struts/1.1
- version/apache struts/1.2.4
- version/apache struts/1.2.7
- version/apache struts/1.2.8
- vendor/novell
- canonical/novell suse linux
- version/novell suse linux/11
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/10.3
- version/opensuse opensuse/11.0
- version/opensuse opensuse/11.1