// For flags

CVE-2011-1772

Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting

Severity Score

2.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en XWork en Apache Struts v2.x anterior a v2.2.3, y OpenSymphony XWork en OpenSymphony WebWork, permite a atacantes remotos inyectar código web script o HTML a través de vectores que implican (1) un "action name", (2) la acción atributo de un elemento "s:submit", o (3) el atributo del método del elemento "s:submit".

Apache Struts 2 framework before version 2.2.3 is vulnerable to reflected cross site scripting attacks when default XWork generated error messages are displayed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-04-19 CVE Reserved
  • 2011-05-10 First Exploit
  • 2011-05-11 CVE Published
  • 2024-05-29 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.0
Search vendor "Apache" for product "Struts" and version "2.0.0"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.1
Search vendor "Apache" for product "Struts" and version "2.0.1"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.2
Search vendor "Apache" for product "Struts" and version "2.0.2"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.3
Search vendor "Apache" for product "Struts" and version "2.0.3"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.4
Search vendor "Apache" for product "Struts" and version "2.0.4"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.5
Search vendor "Apache" for product "Struts" and version "2.0.5"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.6
Search vendor "Apache" for product "Struts" and version "2.0.6"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.7
Search vendor "Apache" for product "Struts" and version "2.0.7"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.8
Search vendor "Apache" for product "Struts" and version "2.0.8"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.9
Search vendor "Apache" for product "Struts" and version "2.0.9"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.10
Search vendor "Apache" for product "Struts" and version "2.0.10"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.11
Search vendor "Apache" for product "Struts" and version "2.0.11"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.11.1
Search vendor "Apache" for product "Struts" and version "2.0.11.1"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.11.2
Search vendor "Apache" for product "Struts" and version "2.0.11.2"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.12
Search vendor "Apache" for product "Struts" and version "2.0.12"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.13
Search vendor "Apache" for product "Struts" and version "2.0.13"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.0.14
Search vendor "Apache" for product "Struts" and version "2.0.14"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.0
Search vendor "Apache" for product "Struts" and version "2.1.0"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.1
Search vendor "Apache" for product "Struts" and version "2.1.1"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.2
Search vendor "Apache" for product "Struts" and version "2.1.2"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.3
Search vendor "Apache" for product "Struts" and version "2.1.3"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.4
Search vendor "Apache" for product "Struts" and version "2.1.4"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.5
Search vendor "Apache" for product "Struts" and version "2.1.5"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.6
Search vendor "Apache" for product "Struts" and version "2.1.6"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.8
Search vendor "Apache" for product "Struts" and version "2.1.8"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.1.8.1
Search vendor "Apache" for product "Struts" and version "2.1.8.1"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.2.1
Search vendor "Apache" for product "Struts" and version "2.2.1"
-
Affected
Apache
Search vendor "Apache"
Struts
Search vendor "Apache" for product "Struts"
2.2.1.1
Search vendor "Apache" for product "Struts" and version "2.2.1.1"
-
Affected
Opensymphony
Search vendor "Opensymphony"
Webwork
Search vendor "Opensymphony" for product "Webwork"
*-
Affected
Opensymphony
Search vendor "Opensymphony"
Xwork
Search vendor "Opensymphony" for product "Xwork"
*-
Affected