Cross-Site Scripting Vulnerability in Apache Struts by The Apache Software Foundation
CVE-2015-2992
6.1 MEDIUM
Summary
Apache Struts versions prior to 2.3.20 are susceptible to a cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, compromising user data and potentially leading to session hijacking, redirection to malicious sites, or the exposure of sensitive information. It highlights the necessity for developers to implement robust sanitization and validation mechanisms to safeguard against such vulnerabilities.
Affected Version(s)
Apache Struts before 2.3.20
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved