This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references.
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| Score | Percentile |
|---|---|
| 23.02% | 95.84% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-9848-v244-962p ↗ |
| CVE | CVE-2012-1007 ↗ |
| CWE id | Name |
|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| maven | org.apache.struts:struts-core | <= 1.3.10 | — | — |
| maven | struts:struts | <= 1.3.10 | — | — |