3 matches found
CVE-2011-1772
CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...
CVE-2011-2088
CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...
CVE-2011-2087
CVE-2011-2087 affects the javatemplates (Java Templates) plugin in Apache Struts 2.x prior to 2.2.3. The issue is multiple XSS vulnerabilities in eight component handlers (FileHandler.java, HiddenHandler.java, PasswordHandler.java, RadioHandler.java, ResetHandler.java, SelectHandler.java, SubmitH...