Moderate severityNVD Advisory· Published Apr 9, 2009· Updated Jun 16, 2026
CVE-2008-2025
CVE-2008-2025
Description
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
struts:strutsMaven | < 1.2.9-162.31.1 | 1.2.9-162.31.1 |
Affected products
6Patches
Vulnerability mechanics
References
12- download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xmlnvdPatchWEB
- github.com/advisories/GHSA-wcgx-2hvx-5cwrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-2025ghsaADVISORY
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlnvdWEB
- support.novell.com/security/cve/CVE-2008-2025.htmlnvdWEB
- bugzilla.novell.com/show_bug.cginvdWEB
- launchpad.net/bugs/cve/2008-2025nvdWEB
- web.archive.org/web/20090410082732/http://secunia.com/advisories/34642ghsaWEB
- web.archive.org/web/20090411051126/http://secunia.com/advisories/34567ghsaWEB
- osvdb.org/53380nvd
- secunia.com/advisories/34567nvd
- secunia.com/advisories/34642nvd
News mentions
0No linked articles in our index yet.