Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
References
- Patch
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*
EPSS
Percentile: 80%
0.0143
Low
4.3 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
debian
almost 17 years ago
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...