Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Apache Struts Showcase and is prone to multiple persistence cross-site scripting vulnerabilities.

Impact

Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Impact Level: Application.

Solution

Update Apache Struts to version 2.3.3 or later, For updates refer to http://struts.apache.org/download.cgi

Insight

Multiple flaws due to an, - Input passed via the 'name' and 'lastName' parameter in '/struts2-showcase/person/editPerson.action' is not properly verified before it is returned to the user. - Input passed via the 'clientName' parameter in '/struts2-rest-showcase/orders' action is not properly verified before it is returned to the user.

Affected

Apache Struts2 (Showcase) version 2.x to 2.2.3

Severity

Classification

CVE CVE-2012-1006
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2 showcase namespace XSS Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat Login Constraints Security Bypass Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities