Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cGdqLXI3YzYtN2M3d84AAf9i
Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in
FileHandler.javaHiddenHandler.javaPasswordHandler.javaRadioHandler.javaResetHandler.javaSelectHandler.javaSubmitHandler.javaTextFieldHandler.java
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cGdqLXI3YzYtN2M3d84AAf9i
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
Identifiers: GHSA-5pgj-r7c6-7c7w, CVE-2011-2087
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2087
- https://issues.apache.org/jira/browse/WW-3597
- https://issues.apache.org/jira/browse/WW-3608
- http://struts.apache.org/2.2.3/docs/version-notes-223.html
- https://github.com/apache/struts/commit/1736b56db702c6639a6d5ae1146dba5a262e3344
- https://github.com/advisories/GHSA-5pgj-r7c6-7c7w
Blast Radius: 1.0
Affected Packages
maven:org.apache.struts:struts2-parent
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.2.3
Fixed in: 2.2.3
All affected versions: 2.0.5, 2.0.6, 2.0.8, 2.0.9, 2.0.11, 2.0.12, 2.0.14, 2.1.2, 2.1.6, 2.1.8, 2.2.1
All unaffected versions: 2.2.3, 2.3.1, 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.20, 2.3.24, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35, 2.3.36, 2.3.37, 2.5.1, 2.5.2, 2.5.5, 2.5.8, 2.5.10, 2.5.12, 2.5.13, 2.5.14, 2.5.16, 2.5.17, 2.5.18, 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.30, 2.5.31, 2.5.32, 2.5.33, 6.0.0, 6.0.3, 6.1.1, 6.1.2, 6.2.0, 6.3.0, 6.4.0