JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution

Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...

Apache Struts多个HTML代码注入漏洞

BUGTRAQ ID: 51902 CVE ID: CVE-2012-1006 Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts在实现上存在多个HTML注入漏洞，攻击者可利用这些漏洞在受影响浏览器中运行HTML和脚本代码，窃取Cookie身份验证凭证或控制站点外观。 0 Apache Group Struts 2.2.3 Apache Group Struts 2.0.14 厂商补丁： Apache Group ------------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版...

Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities

This host is running Apache Struts and is prone to multiple Cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestrutscookbooknexmpmulxssvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities Authors: Antu...

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

This host is running Apache Struts Showcase and is prone to multiple persistence cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestrutsshowcasemultiplexssvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Apache Struts Showcase Multiple Persistence Cross-Site Scripting...

Apache Struts < 2.3.3 Showcase Multiple Persistent XSS Vulnerabilities

Apache Struts Showcase is prone to multiple persistent cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

Apache Struts <= 1.3.10 CookBook/Examples Multiple XSS Vulnerabilities

Apache Struts is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2012-1007

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

CVE-2012-1007

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

CVE-2012-1007

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via 1 the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to 2 struts-cookbook/processSimple.do or 3...

CVE-2012-1007

CVE-2012-1007 is an XSS vulnerability in Apache Struts 1.3.10. The issue allows remote attackers to inject arbitrary scripts via (1) name in struts-examples/upload/upload-submit.do, or (2) message in struts-cookbook/processSimple.do, or (3) struts-cookbook/processDyna.do. The IBM/OSS sources iden...

CVE-2012-1006

CVE-2012-1006 refers to multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3. The flaws allow remote attackers to inject arbitrary web script or HTML via parameters in the Struts2 showcase applications: (1) name, (2) lastName to struts2-showcase/person/editPerson....

Apache Struts 1.3.10 / 2.0.14 / 2.2.3 Cross Site Scripting

Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://struts.apache.org/ Advisory : http://secpod.org/blog/?p=450 http://secpod.org/advisories/SecPodApacheStrutsMultipleParsistantXSSVulns.txt Software...

Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities

Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://struts.apache.org/ Advisory : http://secpod.org/blog/?p=450...

Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploit for multiple platform in category web applications Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://struts.apache.org/ Advisory : http://secpod.org/blog/?p=450...

Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities

Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://struts.apache.org/ Advisory : http://secpod.org/blog/?p=450 http://secpod.org/advisories/SecPodApacheStrutsMultipleParsistantXSSVulns.txt Software...

Apache-Struts < 2.2.0 RCE Windows

Apache-Struts2 / OpenSymphony-Xwork RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...