Apache Struts Multiple Persistence Cross-Site Scripting Vulnerabilities

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting in Apache Struts Vulnerabilities. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info : CVE-2012-1006 , CVE-2012-1007

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

0 0 votes
Article Rating
Subscribe
Notify of

3 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Good post over again . I am looking forward for your next post 😉

The issue is fixed as of Struts 2.3.3.

The SecPod team has been informed, but so far the SecPod advisory wasn’t updated to reflect the fix.