CVE

Id
54249  
CVE No.
CVE-2012-1006  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.  
Phase
Assigned (20120206)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
570139 54249 CVE-2012-1006 MISC:http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt  View
570140 54249 CVE-2012-1006 MISC:http://secpod.org/blog/?p=450  View
570141 54249 CVE-2012-1006 BID:51902  View
570142 54249 CVE-2012-1006 URL:http://www.securityfocus.com/bid/51902  View
570143 54249 CVE-2012-1006 XF:apache-struts-multiple-xss(72888)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
25627 JVNDB-2012-001334 WordPress 用 AllWebMenus プラグインの actions.php における任意の PHP コードを実行される脆弱性 WordPress 用 AllWebMenus プラグインの actions.php には、アクセス制限を回避され、任意の PHP コードをアップロードおよび実行される脆弱性が存在します。 CVE-2012-1011 54249 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001334.html  View