CVE-2012-1007
Withdrawn Advisory: Apache Struts XSS
Description
### Withdrawn Advisory This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. ### Original Description Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`.
How to fix CVE-2012-1007
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
- —no fix listed
Is CVE-2012-1007 being exploited?
Moderate — EPSS is 5.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, <= 1.3.10
- from 0, <= 1.3.10