Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2011-2087

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v2 Score 4.3
Products affected by CVE-2011-2087
  • Apache » Struts » Version: 2.0.0
    cpe:2.3:a:apache:struts:2.0.0
  • Apache » Struts » Version: 2.0.1
    cpe:2.3:a:apache:struts:2.0.1
  • Apache » Struts » Version: 2.0.10
    cpe:2.3:a:apache:struts:2.0.10
  • Apache » Struts » Version: 2.0.11
    cpe:2.3:a:apache:struts:2.0.11
  • Apache » Struts » Version: 2.0.11.1
    cpe:2.3:a:apache:struts:2.0.11.1
  • Apache » Struts » Version: 2.0.11.2
    cpe:2.3:a:apache:struts:2.0.11.2
  • Apache » Struts » Version: 2.0.12
    cpe:2.3:a:apache:struts:2.0.12
  • Apache » Struts » Version: 2.0.13
    cpe:2.3:a:apache:struts:2.0.13
  • Apache » Struts » Version: 2.0.14
    cpe:2.3:a:apache:struts:2.0.14
  • Apache » Struts » Version: 2.0.2
    cpe:2.3:a:apache:struts:2.0.2
  • Apache » Struts » Version: 2.0.3
    cpe:2.3:a:apache:struts:2.0.3
  • Apache » Struts » Version: 2.0.4
    cpe:2.3:a:apache:struts:2.0.4
  • Apache » Struts » Version: 2.0.5
    cpe:2.3:a:apache:struts:2.0.5
  • Apache » Struts » Version: 2.0.6
    cpe:2.3:a:apache:struts:2.0.6
  • Apache » Struts » Version: 2.0.7
    cpe:2.3:a:apache:struts:2.0.7
  • Apache » Struts » Version: 2.0.8
    cpe:2.3:a:apache:struts:2.0.8
  • Apache » Struts » Version: 2.0.9
    cpe:2.3:a:apache:struts:2.0.9
  • Apache » Struts » Version: 2.1.0
    cpe:2.3:a:apache:struts:2.1.0
  • Apache » Struts » Version: 2.1.1
    cpe:2.3:a:apache:struts:2.1.1
  • Apache » Struts » Version: 2.1.2
    cpe:2.3:a:apache:struts:2.1.2
  • Apache » Struts » Version: 2.1.3
    cpe:2.3:a:apache:struts:2.1.3
  • Apache » Struts » Version: 2.1.4
    cpe:2.3:a:apache:struts:2.1.4
  • Apache » Struts » Version: 2.1.5
    cpe:2.3:a:apache:struts:2.1.5
  • Apache » Struts » Version: 2.1.6
    cpe:2.3:a:apache:struts:2.1.6
  • Apache » Struts » Version: 2.1.8
    cpe:2.3:a:apache:struts:2.1.8
  • Apache » Struts » Version: 2.1.8.1
    cpe:2.3:a:apache:struts:2.1.8.1
  • Apache » Struts » Version: 2.2.1
    cpe:2.3:a:apache:struts:2.2.1
  • Apache » Struts » Version: 2.2.1.1
    cpe:2.3:a:apache:struts:2.2.1.1


Contact Us

Shodan ® - All rights reserved