CVE-2011-1772

CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...

CVE-2011-2088

CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...