CVE-2012-1006

Apache Struts 2.0.14-2.2.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Exploits (1)

exploitdb WORKING POC

webappsmultiple

https://www.exploit-db.com/exploits/18452

View Code ZIP pw:eip

References (4)

[Various Sources] http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt

[Various Sources] http://secpod.org/blog/?p=450

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72888

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51902

Scores

EPSS 0.7806

EPSS Percentile 99.0%

Details

CWE

CWE-79

Status published

Products (3)

apache/struts 2.0.14

apache/struts 2.2.3

org.apache.struts/struts2-parent 0 - 2.1.2Maven

Published Feb 07, 2012

Tracked Since Feb 18, 2026