A SecPod Research Team member (Antu Sanadi) has found multiple persistent cross-site scripting vulnerabilities in Apache Struts. The vulnerabilities are caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info: CVE-2012-1006, CVE-2012-1007

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team
