This host is running Apache Struts Showcase and is prone to multiple persistence cross-site scripting vulnerabilities.
Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Impact Level: Application.
Update Apache Struts to version 2.3.3 or later, For updates refer to http://struts.apache.org/download.cgi
Multiple flaws due to an, - Input passed via the 'name' and 'lastName' parameter in '/struts2-showcase/person/editPerson.action' is not properly verified before it is returned to the user. - Input passed via the 'clientName' parameter in '/struts2-rest-showcase/orders' action is not properly verified before it is returned to the user.
Apache Struts2 (Showcase) version 2.x to 2.2.3
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Solr Directory Traversal Vulnerability Jan-14
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability