Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts 2.0.0 |
||
apache struts 2.0.1 |
||
apache struts 2.0.2 |
||
apache struts 2.0.3 |
||
apache struts 2.0.4 |
||
apache struts 2.0.5 |
||
apache struts 2.0.6 |
||
apache struts 2.0.7 |
||
apache struts 2.0.8 |
||
apache struts 2.0.9 |
||
apache struts 2.0.10 |
||
apache struts 2.0.11 |
||
apache struts 2.0.11.1 |
||
apache struts 2.0.11.2 |
||
apache struts 2.0.12 |
||
apache struts 2.0.13 |
||
apache struts 2.0.14 |
||
apache struts 2.1.0 |
||
apache struts 2.1.1 |
||
apache struts 2.1.2 |
||
apache struts 2.1.3 |
||
apache struts 2.1.4 |
||
apache struts 2.1.5 |
||
apache struts 2.1.6 |
||
apache struts 2.1.8 |
||
apache struts 2.1.8.1 |
||
apache struts 2.2.1 |
||
apache struts 2.2.1.1 |
||
opensymphony webwork |
||
opensymphony xwork |