Moderate severityNVD Advisory· Published Feb 7, 2012· Updated Jun 16, 2026
CVE-2012-1007
CVE-2012-1007
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.struts:struts-coreMaven | <= 1.3.10 | — |
struts:strutsMaven | <= 1.3.10 | — |
Affected products
5- osv-coords4 versionspkg:apk/chainguard/hadoop-fips-3.3.6pkg:apk/chainguard/hadoop-fips-3.4.2pkg:maven/org.apache.struts/struts-corepkg:maven/struts/struts
< 3.3.6-r21+ 3 more
- (no CPE)range: < 3.3.6-r21
- (no CPE)range: < 3.4.2-r0
- (no CPE)range: <= 1.3.10
- (no CPE)range: <= 1.3.10
Patches
Vulnerability mechanics
References
8- secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txtnvdExploit
- github.com/advisories/GHSA-9848-v244-962pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1007ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/73052nvdWEB
- secpod.org/blog/nvd
- www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
- www.securityfocus.com/bid/51900nvd
News mentions
0No linked articles in our index yet.