CVE-2011-2087: Cross-site Scripting in Apache Struts

Severity
4.3 MEDIUM (NVD)
EPSS
1.4%
top 19.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 13
Latest update: May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) Text

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/struts (28 versions)

🔴 Vulnerability Details (3)

OSV: Apache Struts Multiple XSS Vulnerabilities (2022-05-17)
GHSA: Apache Struts Multiple XSS Vulnerabilities (2022-05-17)
CVEList: CVE-2011-2087: Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2 (2011-05-13)

📋 Vendor Advisories (1)

Red Hat: struts: Multiple XSS flaws in component handlers in javatemplates plug-in (2011-03-23)

💬 Community (1)

Bugzilla: CVE-2011-2087 struts: Multiple XSS flaws in component handlers in javatemplates plug-in (2011-07-21)
CVE-2011-2087 — Cross-site Scripting in Apache Struts | cvebase