4.3
CVSSv2

CVE-2012-1006

CVSSv4: NA | CVSSv3: NA | CVSSv2: 4.3 | VMScore: 530 | EPSS: 0.61374 | KEV: Not Included
Published: 07/02/2012 Updated: 21/11/2024

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.0.14

apache struts 2.2.3

Exploits

############################################################################## # # Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities # Author : Antu Sanadi SecPod Technologies (wwwsecpodcom) # Vendor : strutsapacheorg/ # Advisory : secpodorg/blog/?p=450 # secpodorg/advisories ...