Filter HTML attribute values
----------------------------
Key: STR-3191
URL: https://issues.apache.org/struts/browse/STR-3191
Project: Struts 1
Issue Type: Bug
Components: Tag Libraries
Affects Versions: 1.3.10, 1.2.9
Reporter: Paul Benedict
Assignee: Paul Benedict
Priority: Blocker
Fix For: 1.3.11, 1.4.0
Allows remote attackers to inject arbitrary web script or HTML via unspecified
vectors related to "insufficient quoting of parameters.
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2025
* http://support.novell.com/security/cve/CVE-2008-2025.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
