CVE-2012-1007: XSS
First published: Tue Feb 07 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Struts | =1.3.10 | |
| maven/struts:struts | <=1.3.10 | |
| maven/org.apache.struts:struts-core | <=1.3.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2012-1007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73052
- https://github.com/advisories/GHSA-9848-v244-962p (Advisory)
- http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt
- http://secpod.org/blog/?p=450
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/51900
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9848-v244-962p
- alias/CVE-2012-1007
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/softwarecombine
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache struts
- version/apache struts/1.3.10
- package-manager/maven