Lucene search

K
osvGoogleOSV:GHSA-9848-V244-962P
HistoryMay 14, 2022 - 2:21 a.m.

Apache Struts XSS

2022-05-1402:21:24
Google
osv.dev
13
apache
struts
cross-site scripting
vulnerabilities
remote attackers
web script
html
parameters
upload
cookbook
processsimple
processdyna
software

EPSS

0.004

Percentile

71.9%

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

EPSS

0.004

Percentile

71.9%