SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Apache Struts. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.
More information can be found here.
Welcome any feedback or suggestion.
SecPod Research Team