CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1006

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.845

EPSS Ranking 99.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt
http://secpod.org/blog/?p=450
http://www.securityfocus.com/bid/51902
https://exchange.xforce.ibmcloud.com/vulnerabilities/72888
http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt
http://secpod.org/blog/?p=450
http://www.securityfocus.com/bid/51902
https://exchange.xforce.ibmcloud.com/vulnerabilities/72888

Products affected by CVE-2012-1006

Apache » Struts » Version: 2.0.14

cpe:2.3:a:apache:struts:2.0.14
Apache » Struts » Version: 2.2.3

cpe:2.3:a:apache:struts:2.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1006

Products

Pricing

Contact Us