CVE-2005-3745
PUBLISHED
CVSS 4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
EPSS 59.07% · 98.3rd percentile
Risk Scores
- CVSS 2.0: 4.3
- EPSS Score: 59.07% (98.3rd percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | struts | 1.2.7 |
| Maven | org.apache.struts:struts-core | 0 |
Exploit Intelligence
- RHSA-2006:0157 (circl)
- RHSA-2006:0161 (circl)
- ADV-2005-2525 (circl)
- 21021 (circl)
- 20051121 Security Advisory: Struts Error Message Cross Site Scripting (circl)
- 1015257 (circl)
- 197 (circl)
- 17677 (circl)
- 18341 (circl)
- [struts-issues] 20201207 [jira] [Created] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327 (circl)
Timeline
- Nov 22, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 5, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 19, 2025 EPSS Score
- Apr 20, 2025 EPSS Score
References
- RHSA-2006:0161 vendor-advisory
- ADV-2005-2525 vdb
- 21021 vdb
- 15512 vdb
- http://www.hacktics.com/AdvStrutsNov05.html url
- 20051121 Security Advisory: Struts Error Message Cross Site Scripting mailing-list
- RHSA-2006:0157 vendor-advisory
- 1015257 vdb
- 197 third-party-advisory
- 17677 third-party-advisory
- 18341 third-party-advisory
- [struts-issues] 20201207 [jira] [Created] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327 mailing-list
- [struts-issues] 20201207 [jira] [Updated] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327 mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2005-3745 advisory
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E url
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E url
- https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html url
- https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html url
- https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512 url
- https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded url