Apache Struts Multiple Persistence Cross-Site Scripting Vulnerabilities

  • Post author:
  • Reading time:1 mins read

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting in Apache Struts Vulnerabilities. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info : CVE-2012-1006 , CVE-2012-1007

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

Share this article

This Post Has 3 Comments

  1. recepti za brze torte

    Good post over again . I am looking forward for your next post 😉

  2. René Gielen

    The issue is fixed as of Struts 2.3.3.

    The SecPod team has been informed, but so far the SecPod advisory wasn’t updated to reflect the fix.

  3. Veerendra GG

    Updated the solution section.

Comments are closed.