CVE-2011-1772 in Strutsinformazioni

Riassunto

di MITRE

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

19/04/2011

Divulgazione

13/05/2011

Moderazione

accettato

Voce

VDB-57425

CPE

pronto

CWE

CWE-79 (confermato)

Sfruttamento

Scaricare

CVSS

2.6 (NVD)

EPSS

0.59227

KEV

Attività

molto basso

Settore

Hostingprovider, Telecommunication

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1772
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1772
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1772/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!