CVE-2005-3745

{"id": "CVE-2005-3745", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-22T11:03:00.000", "references": [{"url": "http://secunia.com/advisories/17677", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18341", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/197", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015257", "source": "cve@mitre.org"}, {"url": "http://www.hacktics.com/AdvStrutsNov05.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21021", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0157.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/417296/30/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15512", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2525", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17677", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18341", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/197", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015257", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.hacktics.com/AdvStrutsNov05.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/21021", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0157.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/417296/30/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/15512", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2005/2525", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apache Struts 1.2.7, y posiblemente otras versiones, permite a atacantes remotos inyectar 'script' web o HTML de su elecci\u00f3n mediante la cadena de consulta, que no es entrecomillada o filtrada adecuadamente cuando el manejador de peticiones genera un mensaje de error."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC81E1A-2779-4FAF-866C-970752CD1828"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}