GHSA-5pgj-r7c6-7c7w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5pgj-r7c6-7c7w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pgj-r7c6-7c7w/GHSA-5pgj-r7c6-7c7w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5pgj-r7c6-7c7w
- Aliases
-
- CVE-2011-2087
- Published
- 2022-05-17T05:41:08Z
- Modified
- 2024-12-02T05:43:47.731134Z
- Summary
- Apache Struts Multiple XSS Vulnerabilities
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a
.actionURI, related to improper handling of value attributes in 1.FileHandler.java1.HiddenHandler.java1.PasswordHandler.java1.RadioHandler.java1.ResetHandler.java1.SelectHandler.java1.SubmitHandler.java1.TextFieldHandler.java - Database specific
{ "nvd_published_at": "2011-05-13T17:05:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-19T18:23:12Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-2087
- https://github.com/apache/struts/commit/1736b56db702c6639a6d5ae1146dba5a262e3344
- https://github.com/apache/struts
- https://issues.apache.org/jira/browse/WW-3597
- https://issues.apache.org/jira/browse/WW-3608
- http://struts.apache.org/2.2.3/docs/version-notes-223.html
Affected packages
Maven / org.apache.struts:struts2-parent
Package
- Name
- org.apache.struts:struts2-parent
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts/struts2-parent