Lucene search

K

PRIOn knowledge basePRION:CVE-2011-1772

HistoryMay 13, 2011 - 5:05 p.m.

Cross site scripting

2011-05-1317:05:00

PRIOn knowledge base

www.prio-n.com

8

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

CPENameOperatorVersion
strutseq2.0.9
strutseq2.0.12
strutseq2.1.0
strutseq2.0.0
strutseq2.0.8
strutseq2.0.7
strutseq2.0.4
strutseq2.2.1
strutseq2.1.8.1
strutseq2.1.3

Rows per page:

1-10 of 281

References

jvn.jp/en/jp/JVN25435092/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000106

struts.apache.org/2.2.3/docs/version-notes-223.html

struts.apache.org/2.x/docs/s2-006.html

www.securityfocus.com/bid/47784

www.ventuneac.net/security-advisories/MVSA-11-006

www.vupen.com/english/advisories/2011/1198

issues.apache.org/jira/browse/WW-3579

secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html

secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

Related for PRION:CVE-2011-1772

openvas2 nessus1 securityvulns2 osv2 cve2 seebug1 nvd2 checkpoint_advisories1 github2 jvn1 packetstorm1 cvelist2 prion1 ibm3