CVE-2012-1007

EPSS 5.2%

Withdrawn Advisory: Apache Struts XSS

Published: 5/14/2022Modified: 5/15/2026

Description

### Withdrawn Advisory This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. ### Original Description Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`.

Affected packages (2)

Maven/org.apache.struts:struts-corefrom 0, <= 1.3.10
Maven/struts:strutsfrom 0, <= 1.3.10

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-1007
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73052