Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2011-1772

Published: 13/05/2011 Updated: 19/01/2012
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.0.8

apache struts 2.0.6

apache struts 2.0.13

apache struts 2.0.12

apache struts 2.0.10

apache struts 2.0.0

apache struts 2.0.11.2

apache struts 2.0.11.1

apache struts 2.1.2

apache struts 2.0.14

apache struts 2.0.4

apache struts 2.0.7

apache struts 2.2.1.1

apache struts 2.0.11

apache struts 2.0.9

apache struts 2.2.1

apache struts 2.1.3

apache struts 2.1.0

apache struts 2.1.8

apache struts 2.1.8.1

apache struts 2.0.2

apache struts 2.0.5

apache struts 2.1.5

apache struts 2.1.4

apache struts 2.1.6

apache struts 2.1.1

apache struts 2.0.1

apache struts 2.0.3

opensymphony xwork

opensymphony webwork

Exploits

Exploit DB: Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
source: wwwsecurityfocuscom/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data Successful exploitation requires 'Dynamic Method Invocation' to be enabled by default An attacker may leverage this issue to execute arbitrary script code in the browser ...
Exploit DB: Apache Struts 2 Cross Site Scripting
Apache Struts 2 framework before version 223 is vulnerable to reflected cross site scripting attacks when default XWork generated error messages are displayed ...

References

CWE-79https://issues.apache.org/jira/browse/WW-3579http://struts.apache.org/2.x/docs/s2-006.htmlhttp://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.htmlhttp://struts.apache.org/2.2.3/docs/version-notes-223.htmlhttp://www.vupen.com/english/advisories/2011/1198http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.htmlhttp://www.ventuneac.net/security-advisories/MVSA-11-006http://www.securityfocus.com/bid/47784http://jvn.jp/en/jp/JVN25435092/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000106https://nvd.nist.govhttps://www.exploit-db.com/exploits/35735/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook