CVE-2008-2025: XSS
First published: Thu Apr 09 2009(Updated: )
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/struts:struts | <1.2.9-162.31.1 | 1.2.9-162.31.1 |
| Apache Struts 2 | =1.0.2 | |
| Apache Struts 2 | =1.1 | |
| Apache Struts 2 | =1.2.4 | |
| Apache Struts 2 | =1.2.7 | |
| Apache Struts 2 | =1.2.8 | |
| SUSE Linux | =11 | |
| SUSE Linux | =10.3 | |
| SUSE Linux | =11.0 | |
| SUSE Linux | =11.1 | |
| All of | ||
| Any of | ||
| Apache Struts 2 | =1.0.2 | |
| Apache Struts 2 | =1.1 | |
| Apache Struts 2 | =1.2.4 | |
| Apache Struts 2 | =1.2.7 | |
| Apache Struts 2 | =1.2.8 | |
| Any of | ||
| SUSE Linux | =11 | |
| SUSE Linux | =10.3 | |
| SUSE Linux | =11.0 | |
| SUSE Linux | =11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml
- https://launchpad.net/bugs/cve/2008-2025
- https://bugzilla.novell.com/show_bug.cgi?id=385273
- http://support.novell.com/security/cve/CVE-2008-2025.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://secunia.com/advisories/34642
- http://osvdb.org/53380
- http://secunia.com/advisories/34567
- https://nvd.nist.gov/vuln/detail/CVE-2008-2025
- https://web.archive.org/web/20090410082732/http://secunia.com/advisories/34642
- https://web.archive.org/web/20090411051126/http://secunia.com/advisories/34567
- https://github.com/advisories/GHSA-wcgx-2hvx-5cwr (Advisory)
Frequently Asked Questions
What is the severity of CVE-2008-2025?
CVE-2008-2025 is classified as a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2008-2025?
To fix CVE-2008-2025, upgrade Apache Struts to version 1.2.9-162.31.1 or later.
What versions of Apache Struts are affected by CVE-2008-2025?
Affected versions include Apache Struts 1.0.2, 1.1, 1.2.4, 1.2.7, and 1.2.8.
What platforms are vulnerable to CVE-2008-2025?
Vulnerable platforms include SUSE Linux Enterprise 11, SUSE openSUSE 10.3, 11.0, and 11.1.
What type of attack does CVE-2008-2025 allow?
CVE-2008-2025 allows remote attackers to inject arbitrary web scripts into web pages.
- collector/nvd-historical
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wcgx-2hvx-5cwr
- alias/CVE-2008-2025
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/maven
- vendor/apache
- canonical/apache struts 2
- version/apache struts 2/1.0.2
- version/apache struts 2/1.1
- version/apache struts 2/1.2.4
- version/apache struts 2/1.2.7
- version/apache struts 2/1.2.8
- vendor/novell
- canonical/suse linux
- version/suse linux/11
- vendor/opensuse
- version/suse linux/10.3
- version/suse linux/11.0
- version/suse linux/11.1