XSS in Apache Struts
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.762 (98.9th percentile) — read the EPSS interpretation.
Affected products
- Apache Struts — versions 2.0.14, 2.2.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- apache-struts-multiple-xss(72888) (vdb-entry, x_refsource_XF)
- 51902 (vdb-entry, x_refsource_BID)