CVE-2011-2087 – org.apache.struts:struts2-parent

Package

Manager: maven
Name: org.apache.struts:struts2-parent
Vulnerable Version: >=0 <2.2.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01391 pctl0.79639

Details

Apache Struts Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a `.action` URI, related to improper handling of value attributes in 1. `FileHandler.java` 1. `HiddenHandler.java` 1. `PasswordHandler.java` 1. `RadioHandler.java` 1. `ResetHandler.java` 1. `SelectHandler.java` 1. `SubmitHandler.java` 1. `TextFieldHandler.java`

Metadata

Created: 2022-05-17T05:41:08Z
Modified: 2024-01-19T18:23:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pgj-r7c6-7c7w/GHSA-5pgj-r7c6-7c7w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-5pgj-r7c6-7c7w
Finding: F008
Auto approve: 1