Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-dojo-plugin@0.4.2

Type maven

Namespace org.apache.struts

Name struts2-dojo-plugin

Version 0.4.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.4.3

Latest_non_vulnerable_version 0.4.3

Affected_by_vulnerabilities

url VCID-hq31-jdg5-q3gc

vulnerability_id VCID-hq31-jdg5-q3gc

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-6726

reference_id

reference_type

scores

value	0.01747
scoring_system	epss
scoring_elements	0.82861
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-6726

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49884

reference_url	https://issues.apache.org/struts/browse/WW-2134
reference_id
reference_type
scores
url	https://issues.apache.org/struts/browse/WW-2134

reference_url	http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
reference_id
reference_type
scores
url	http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds

reference_url	http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
reference_id
reference_type
scores
url	http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately

reference_url	http://www.dojotoolkit.org/releaseNotes/0.4.3
reference_id
reference_type
scores
url	http://www.dojotoolkit.org/releaseNotes/0.4.3

reference_url	http://www.securityfocus.com/bid/34660
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/34660

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2007-6726
reference_id	CVE-2007-6726
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2007-6726

reference_url	https://github.com/advisories/GHSA-rm26-w253-9qv7
reference_id	GHSA-rm26-w253-9qv7
reference_type
scores
url	https://github.com/advisories/GHSA-rm26-w253-9qv7

fixed_packages

url	pkg:maven/org.apache.struts/struts2-dojo-plugin@0.4.3
purl	pkg:maven/org.apache.struts/struts2-dojo-plugin@0.4.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-dojo-plugin@0.4.3

aliases CVE-2007-6726, GHSA-rm26-w253-9qv7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq31-jdg5-q3gc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-dojo-plugin@0.4.2

Package Instance