GHSA-jgcr-9c2q-rvp8

Source
https://github.com/advisories/GHSA-jgcr-9c2q-rvp8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jgcr-9c2q-rvp8/GHSA-jgcr-9c2q-rvp8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jgcr-9c2q-rvp8
Aliases
  • CVE-2008-6682
Published
2022-05-17T05:52:45Z
Modified
2024-12-06T05:31:39.196860Z
Summary
Apache Struts is vulnerable to Cross-site Scripting
Details

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

Database specific
{
    "nvd_published_at": "2009-04-09T15:08:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T19:15:36Z"
}
References

Affected packages

Maven / org.apache.struts:struts2-core

Package

Name
org.apache.struts:struts2-core
Purl
pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.11.1

Affected versions

2.*

2.0.5
2.0.6
2.0.8
2.0.9
2.0.11

Maven / org.apache.struts:struts2-core

Package

Name
org.apache.struts:struts2-core
Purl
pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.1