Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1006
Last Modified: 13 Feb 2012 11:11:13
Published: 06 Feb 2012 11:09:20
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1006

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Vulnerable Systems

Application

  • Apache Struts 2.0.14

  • Apache Struts 2.2.3


References

MISC - http://secpod.org/blog/?p=450

MISC - http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt

XF - apache-struts-multiple-xss(72888)

BID - 51902


Last Updated: 27 May 2016 10:57:24