1. Home
  2. Vulnerabilities
  3. CVE-2011-1772

CVE-2011-1772

CVSS v2.0 2.6 (Low)
26% Progress
EPSS 0.42 % (75th)
0.42% Progress
Affected Products 3
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2011-05-13 17:05:44
(13 years ago)
Updated Date
2012-01-19 03:57:11
(12 years ago)

Affected Products

Apache

Opensymphony

Configuration #1

    CPE23 From Up To
  Apache Struts 2.0.0 cpe:2.3:a:apache:struts:2.0.0
  Apache Struts 2.0.1 cpe:2.3:a:apache:struts:2.0.1
  Apache Struts 2.0.2 cpe:2.3:a:apache:struts:2.0.2
  Apache Struts 2.0.3 cpe:2.3:a:apache:struts:2.0.3
  Apache Struts 2.0.4 cpe:2.3:a:apache:struts:2.0.4
  Apache Struts 2.0.5 cpe:2.3:a:apache:struts:2.0.5
  Apache Struts 2.0.6 cpe:2.3:a:apache:struts:2.0.6
  Apache Struts 2.0.7 cpe:2.3:a:apache:struts:2.0.7
  Apache Struts 2.0.8 cpe:2.3:a:apache:struts:2.0.8
  Apache Struts 2.0.9 cpe:2.3:a:apache:struts:2.0.9
  Apache Struts 2.0.10 cpe:2.3:a:apache:struts:2.0.10
  Apache Struts 2.0.11 cpe:2.3:a:apache:struts:2.0.11
  Apache Struts 2.0.11.1 cpe:2.3:a:apache:struts:2.0.11.1
  Apache Struts 2.0.11.2 cpe:2.3:a:apache:struts:2.0.11.2
  Apache Struts 2.0.12 cpe:2.3:a:apache:struts:2.0.12
  Apache Struts 2.0.13 cpe:2.3:a:apache:struts:2.0.13
  Apache Struts 2.0.14 cpe:2.3:a:apache:struts:2.0.14
  Apache Struts 2.1.0 cpe:2.3:a:apache:struts:2.1.0
  Apache Struts 2.1.1 cpe:2.3:a:apache:struts:2.1.1
  Apache Struts 2.1.2 cpe:2.3:a:apache:struts:2.1.2
  Apache Struts 2.1.3 cpe:2.3:a:apache:struts:2.1.3
  Apache Struts 2.1.4 cpe:2.3:a:apache:struts:2.1.4
  Apache Struts 2.1.5 cpe:2.3:a:apache:struts:2.1.5
  Apache Struts 2.1.6 cpe:2.3:a:apache:struts:2.1.6
  Apache Struts 2.1.8 cpe:2.3:a:apache:struts:2.1.8
  Apache Struts 2.1.8.1 cpe:2.3:a:apache:struts:2.1.8.1
  Apache Struts 2.2.1 cpe:2.3:a:apache:struts:2.2.1
  Apache Struts 2.2.1.1 cpe:2.3:a:apache:struts:2.2.1.1

Configuration #2

    CPE23 From Up To
  Opensymphony Webwork cpe:2.3:a:opensymphony:webwork
  Opensymphony Xwork cpe:2.3:a:opensymphony:xwork