Apache Struts struts-cookbook processSimple.do message Parameter XSS

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

A remote web application is vulnerable to a cross-site scripting attack.

Description :

The remote web server hosts struts-cookbook, a demonstration
application for the Struts framework. Input passed via the 'message'
parameter to the 'processSimple.do' page is not properly sanitized
before using it to generate dynamic HTML.

By tricking someone into clicking on a specially crafted link, an
attacker may be able to exploit this to inject arbitrary HTML and script
code into a user's browser, to be executed within the security context
of the affected site.

Solution :

Remove or restrict access to the Struts-cookbook application.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 60093

Bugtraq ID: 51900

CVE ID: CVE-2012-1007
