CVE-2011-1772 – Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2011-1772

13 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en XWork en Apache Struts v2.x anterior a v2.2.3, y OpenSymphony XWork e... • https://www.exploit-db.com/exploits/35735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •