GHSA-9848-v244-962p

Source

https://github.com/advisories/GHSA-9848-v244-962p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9848-v244-962p/GHSA-9848-v244-962p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9848-v244-962p

Aliases

CVE-2012-1007

Published

2022-05-14T02:21:24Z

Modified

2024-12-03T06:07:59.867824Z

Summary

Apache Struts XSS

Details

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

Database specific

{
    "nvd_published_at": "2012-02-07T04:09:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T21:09:51Z"
}

References

Affected packages

Maven / org.apache.struts:struts-core

Package

Name: org.apache.struts:struts-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.10

Affected versions

1.*

1.3.5

1.3.8

1.3.9

1.3.10

Maven / struts:struts

Package

Name: struts:struts; View open source insights on deps.dev
Purl: pkg:maven/struts/struts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.10

Affected versions

1.*

1.0.2

1.1-beta-2

1.1-b2-20021124

1.1-b3

1.1-rc1

1.1-rc2

1.1

1.2.2

1.2.4

1.2.7

1.2.8

1.2.9