Home > Vulnerability Database > CVE-2011-2087

Mend.io Vulnerability Database

CVE-2011-2087

Good to know:

Date: May 13, 2011

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.

Language: Java

Severity Score

3.7

Related Resources (8)

Url: https://issues.apache.org/jira/browse/WW-3608

Url: https://github.com/apache/struts

Url: http://struts.apache.org/2.2.3/docs/version-notes-223.html

Url: https://github.com/apache/struts/commit/1736b56db702c6639a6d5ae1146dba5a262e3344

Url: http://www.vupen.com/english/advisories/2011/1198

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2087

Url: https://issues.apache.org/jira/browse/WW-3597

Url: https://www.mend.io/vulnerability-database/CVE-2011-2087

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 2.2.3

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2087

Good to know:

Date: May 13, 2011

Language: Java

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?