Home > Vulnerability Database > CVE-2005-3745

Mend.io Vulnerability Database

CVE-2005-3745

Good to know:

Date: November 22, 2005

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Language: Java

Severity Score

3.7

Related Resources (22)

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3745

Url: http://securityreason.com/securityalert/197

Url: http://secunia.com/advisories/17677

Url: http://securitytracker.com/id?1015257

Url: https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html

Url: http://www.hacktics.com/AdvStrutsNov05.html

Url: http://www.vupen.com/english/advisories/2005/2525

Url: http://www.redhat.com/support/errata/RHSA-2006-0157.html

Url: http://www.redhat.com/support/errata/RHSA-2006-0161.html

Url: http://secunia.com/advisories/18341

Url: https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055

Url: https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

Url: http://www.osvdb.org/21021

Url: http://www.securityfocus.com/archive/1/417296/30/0/threaded

Url: https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded

Url: https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E

Url: https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512

Url: https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

Url: http://www.securityfocus.com/bid/15512

Url: https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E

Url: https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html

Url: https://www.mend.io/vulnerability-database/CVE-2005-3745

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

Top Fix

Upgrade Version

Upgrade to version 1.2.8

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2005-3745

Good to know:

Date: November 22, 2005

Language: Java

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?