Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities


SecPod Research Team member Antu Sanadi has found multiple persistent cross-site scripting vulnerabilities in Apache Struts. The vulnerabilities are caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info: CVE-2012-1006, CVE-2012-1007

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team

This Post Has 3 Comments

  1. recepti za brze torte

    Good post over again. I am looking forward to your next post 😉

  2. René Gielen

    The issue is fixed as of Struts 2.3.3.

    The SecPod team has been informed, but so far the SecPod advisory wasn’t updated to reflect the fix.

  3. Veerendra GG

    Updated the solution section.
