struts-issues mailing list archives

From "brian neisen (JIRA)" <>
Subject [jira] [Created] (WW-4507) Struts 2 XSS vulnerability with <s:textfield>
Date Thu, 28 May 2015 15:34:17 GMT
brian neisen created WW-4507:

             Summary: Struts 2 XSS vulnerability with <s:textfield>
                 Key: WW-4507
             Project: Struts 2
          Issue Type: Bug
    Affects Versions:
         Environment: Operating System:  Windows 7.  Application Server:  JBoss-4.2.1.GA.
 Java: jdk1.5.0.11.  Development Framework:  Struts  Browser:  FireFox 38.0.1
            Reporter: brian neisen

WhiteHat Security ( has found an XSS vulnerability with the <s:textfield>
tag.   When loading a URL in a browser with some param name, in this case "myinput", and the
JSP being loaded has the tag <s:textfield name="myinput" id="myinput"></s:textfield>,
an alert message is popped open in the browser, which is WhiteHat's method of showing the
vulnerability.  Example url, enclosed in square brackets is: [http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]

This message was sent by Atlassian JIRA
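
The six-byte groups in the example URL, such as %fc%80%80%80%80%a2, are non-shortest-form ("overlong") UTF-8 encodings of ASCII characters, which RFC 3629 forbids. The following is an added example, not part of the original report or of Struts: a check that rejects parameter values that are not strict UTF-8 and records what a permissive decoder would have produced. The function names and sample values are constructed for illustration, and that some layer of the reported stack decodes permissively is an assumption.

```python
from urllib.parse import unquote_to_bytes

def is_strict_utf8(data: bytes) -> bool:
    """True only for shortest-form UTF-8 as defined by RFC 3629."""
    try:
        data.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False

def lenient_decode(data: bytes) -> str:
    """Model of a permissive decoder that accepts overlong and 5/6-byte forms.
    Used only to record what a rejected value would have turned into."""
    out, i = [], 0
    while i < len(data):
        lead = data[i]
        ones = 8 - (lead ^ 0xFF).bit_length()  # number of leading 1 bits
        n = ones - 1 if 2 <= ones <= 6 else 0  # continuation bytes expected
        tail = data[i + 1:i + 1 + n]
        if ones in (1, 7, 8) or len(tail) != n or any(t & 0xC0 != 0x80 for t in tail):
            out.append("\ufffd")               # malformed: emit U+FFFD and resync
            i += 1
            continue
        cp = lead if ones == 0 else lead & (0x7F >> ones)
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += n + 1
    return "".join(out)

def inspect_param(raw_value: str):
    """Return ("accept", text) or ("reject", what a permissive decoder would see)."""
    data = unquote_to_bytes(raw_value)
    if is_strict_utf8(data):
        return ("accept", data.decode("utf-8"))
    return ("reject", lenient_decode(data))

# Constructed sample values (the second reuses the page's six-byte form).
SAMPLES = ["caf%C3%A9", "%fc%80%80%80%80%bCb%fc%80%80%80%80%bE", "%C0%BC"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", inspect_param(s))
```

Rejecting at the byte level, before any character decoding, means the markup characters never reach the tag's output path regardless of which decoder runs later.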
