ByteOS Network

NVD Vulnerability Details :

CVE-2005-3745

Modified

Source-cve@mitre.org

Published At-22 Nov, 2005 | 11:03

Updated At-16 Apr, 2026 | 00:27

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

The Apache Software Foundation

>>struts>>1.2.7

cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/17677	cve@mitre.org	N/A
http://secunia.com/advisories/18341	cve@mitre.org	N/A
http://securityreason.com/securityalert/197	cve@mitre.org	N/A
http://securitytracker.com/id?1015257	cve@mitre.org	N/A
http://www.hacktics.com/AdvStrutsNov05.html	cve@mitre.org	Exploit Patch Vendor Advisory
http://www.osvdb.org/21021	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2006-0157.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2006-0161.html	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/417296/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/15512	cve@mitre.org	Exploit Patch
http://www.vupen.com/english/advisories/2005/2525	cve@mitre.org	N/A
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E	cve@mitre.org	N/A
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E	cve@mitre.org	N/A
http://secunia.com/advisories/17677	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/18341	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securityreason.com/securityalert/197	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1015257	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.hacktics.com/AdvStrutsNov05.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch Vendor Advisory
http://www.osvdb.org/21021	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2006-0157.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2006-0161.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/417296/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/15512	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
http://www.vupen.com/english/advisories/2005/2525	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A