
Apache Struts Problem Report XSS Vulnerability (S2-025) CVE-2015-5169

Severity
CVSSv3 Score: 6.1
Vulnerability description

Apache Struts is prone to a cross-site scripting (XSS) vulnerability. This VT has been merged into the VT Apache Struts Multiple Vulnerabilities (S2-021, S2-022, S2-023, S2-025) (OID: 1.3.6.1.4.1.25623.1.0.108629).

Risk description

The flaw exists due to improper validation of input passed via the Problem Report screen when using debug mode. Successful exploitation will allow an attacker to execute arbitrary script code in the browser of a user in the context of the affected site.

Recommendation

Update to version 2.3.20 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 25, 2017
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available