Apache Struts Multiple Persistence Cross-Site Scripting Vulnerabilities

SecPod Research Team member Antu Sanadi has found multiple persistent cross-site scripting vulnerabilities in Apache Struts. The vulnerabilities are caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info: CVE-2012-1006, CVE-2012-1007

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team

3 Comments
Good post over again. I am looking forward to your next post 😉

The issue is fixed as of Struts 2.3.3.

The SecPod team has been informed, but so far the SecPod advisory wasn’t updated to reflect the fix.