Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Apache Struts Showcase and is prone to multiple persistence cross-site scripting vulnerabilities.

Impact

Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Impact Level: Application.

Solution

Update Apache Struts to version 2.3.3 or later, For updates refer to http://struts.apache.org/download.cgi

Insight

Multiple flaws due to an, - Input passed via the 'name' and 'lastName' parameter in '/struts2-showcase/person/editPerson.action' is not properly verified before it is returned to the user. - Input passed via the 'clientName' parameter in '/struts2-rest-showcase/orders' action is not properly verified before it is returned to the user.

Affected

Apache Struts2 (Showcase) version 2.x to 2.2.3

Severity

Classification

CVE CVE-2012-1006

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Struts Cross Site Scripting Vulnerability
Apache Subversion Module Metadata Accessible
An Image Gallery Directory Traversal Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities