Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

Apache Struts XWork Error Page Multiple Cross-Site Scripting (CVE-2011-1772)

A Cross-Site Scripting vulnerability has been reported in Apache Struts. The vulnerabilities are due to unsanitized parameters in various automatically generated error pages. A remote attacker can exploit these vulnerabilities by enticing a victim to follow a specially crafted link. Successful...

CVE-2011-1772

Multiple cross-site scripting XSS vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 an action name, 2 the action attribute of an s:submit element, or 3 t...

CVE-2011-1772

CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...

CVE-2011-1772

Multiple cross-site scripting XSS vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 an action name, 2 the action attribute of an s:submit element, or 3 t...

Apache Struts 2 Cross Site Scripting

Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...