Apache Struts struts-cookbook processSimple.do message Parameter XSS

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

A remote web application is vulnerable to a cross-site scripting attack.

Description :

The remote web server hosts struts-cookbook, a demonstration
application for the Struts framework. Input passed via the 'message'
parameter to the 'processSimple.do' page is not properly sanitized
before using it to generate dynamic HTML.

By tricking someone into clicking on a specially crafted link, an
attacker may be able to exploit this to inject arbitrary HTML and script
code into a user's browser, to be executed within the security context
of the affected site.
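As an added illustration (not Tenable's plugin code), the following offline Python checks show two defender-side views of this finding: whether a response echoes a harmless probe sent in 'message' without HTML encoding, and how to spot requests carrying markup in that parameter to 'processSimple.do' in an access log. The '/struts-cookbook' path prefix, the response bodies and the log lines are constructed assumptions for this example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Harmless probe: no executable content, only the characters an HTML encoder
# must transform. Echoed verbatim, it shows 'message' reaches the page unencoded.
PROBE = '<"probe-6f2a">'

def reflected_unencoded(body: str, probe: str = PROBE) -> bool:
    """True when the probe is echoed back without HTML encoding."""
    return probe in body

# Constructed response bodies (not captured traffic) for both outcomes.
VULNERABLE_BODY = f'<html><body>Your message: {PROBE}</body></html>'
FIXED_BODY = f'<html><body>Your message: {html.escape(PROBE)}</body></html>'

# Apache-style access log lines, constructed for this example; the path
# prefix is an assumed deployment location of the demo application.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2012:10:00:01 +0000] "GET /struts-cookbook/processSimple.do?message=hello HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Feb/2012:10:00:02 +0000] "GET /struts-cookbook/processSimple.do?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '10.0.0.9 - - [01/Feb/2012:10:00:03 +0000] "GET /struts-cookbook/index.jsp HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.IGNORECASE)

def suspicious_message_requests(log_lines):
    """Return (client, decoded message) pairs for processSimple.do requests
    whose 'message' value carries markup, i.e. attempts to trigger the reflection."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if not parts.path.endswith("/processSimple.do"):
            continue
        # parse_qs percent-decodes the value once, so '%3C' is compared as '<'
        for value in parse_qs(parts.query).get("message", []):
            if MARKUP_RE.search(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    print("vulnerable sample reflects probe:", reflected_unencoded(VULNERABLE_BODY))  # True
    print("fixed sample reflects probe:", reflected_unencoded(FIXED_BODY))            # False
    for client, msg in suspicious_message_requests(SAMPLE_LOG):
        print(f"{client} sent markup in message: {msg!r}")
```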

Solution :

Remove or restrict access to the Struts-cookbook application.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 60093

Bugtraq ID: 51900

CVE ID: CVE-2012-1007
