GHSA-5pgj-r7c6-7c7w

Suggest an improvement
Source
https://github.com/advisories/GHSA-5pgj-r7c6-7c7w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pgj-r7c6-7c7w/GHSA-5pgj-r7c6-7c7w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5pgj-r7c6-7c7w
Aliases
  • CVE-2011-2087
Published
2022-05-17T05:41:08Z
Modified
2024-02-16T08:22:33.005785Z
Summary
Apache Struts Multiple XSS Vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in 1. FileHandler.java 1. HiddenHandler.java 1. PasswordHandler.java 1. RadioHandler.java 1. ResetHandler.java 1. SelectHandler.java 1. SubmitHandler.java 1. TextFieldHandler.java

References

Affected packages

Maven / org.apache.struts:struts2-parent

Package

Name
org.apache.struts:struts2-parent
View open source insights on deps.dev
Purl
pkg:maven/org.apache.struts/struts2-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.3

Affected versions

2.*

2.0.5
2.0.6
2.0.8
2.0.9
2.0.11
2.0.11.1
2.0.11.2
2.0.12
2.0.14
2.1.2
2.1.6
2.1.8
2.1.8.1
2.2.1
2.2.1.1