CVE-2012-1007

描述

### Withdrawn Advisory This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. ### Original Description Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`.

受影響套件(2)

• Maven/org.apache.struts:struts-corefrom 0, <= 1.3.10
• Maven/struts:strutsfrom 0, <= 1.3.10

參考連結(2)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-1007
• WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73052