
Apache Struts < 2.3.3 Showcase Multiple Persistent XSS Vulnerabilities CVE-2012-1006

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

Apache Struts Showcase is prone to multiple persistent cross-site scripting (XSS) vulnerabilities.

Risk description

Multiple flaws exist due to:

- Input passed via the name and lastName parameters in /struts2-showcase/person/editPerson.action is not properly verified before it is returned to the user.
- Input passed via the clientName parameter in the /struts2-rest-showcase/orders action is not properly verified before it is returned to the user.

Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.

Recommendation

Update to version 2.3.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 7, 2012
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available