CVE-2006-1548
Cross-site scripting in Apache Struts
CVSS 3.1: 3.7 (LOW)
EPSS: 8.8%
Description
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
How to fix CVE-2006-1548
To remediate CVE-2006-1548, upgrade the affected package to a fixed version below.
- Upgrade to 1.2.9 or later
Is CVE-2006-1548 being exploited?
Moderate — EPSS is 8.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.2.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |