CVE-2008-2025

Published: 9 April 2009

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."

Priority

Status

Package	Release	Status
libstruts1.1-java Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage
libstruts1.2-java Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	gutsy	Ignored (end of life, was needs-triage)
	hardy	Ignored (end of life)
	intrepid	Ignored (end of life, was needed)
	jaunty	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Not vulnerable (1.2.9-3.1)
	maverick	Not vulnerable (1.2.9-3.1)
	natty	Not vulnerable (1.2.9-3.1)
	oneiric	Not vulnerable (1.2.9-3.1)
	upstream	Released (1.2.9-3.1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2008-2025

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading