CVE-2006-1548 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-1548 Interim 1 3 2021-06-09T08:36:39Z current 2021-05-30T12:35:13Z 2021-06-09T08:36:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-1548 Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2006-05/msg00013.html E-Mail link for SUSE-SR:2006:010 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. CVE-2006-1548 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N