Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05ODQ4LXYyNDQtOTYycM4AAVXB

Apache Struts XSS

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

Permalink: https://github.com/advisories/GHSA-9848-v244-962p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ODQ4LXYyNDQtOTYycM4AAVXB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 9 months ago

EPSS Percentage: 0.00543
EPSS Percentile: 0.77181

Identifiers: GHSA-9848-v244-962p, CVE-2012-1007
References:

Blast Radius: 0.0

Affected Packages

maven:struts:struts

Dependent packages: 107
Dependent repositories: 540
Downloads:
Affected Version Ranges: <= 1.3.10
No known fixed version
All affected versions: 1.0.2, 1.2.2, 1.2.4, 1.2.7, 1.2.8, 1.2.9

maven:org.apache.struts:struts-core

Dependent packages: 84
Dependent repositories: 632
Downloads:
Affected Version Ranges: <= 1.3.10
No known fixed version
All affected versions: 1.3.5, 1.3.8, 1.3.9, 1.3.10