CVE-2011-1772

low

Apache

CVSS v3 Base Score

2.6

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS Score

59.2%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

None

Integrity

Availability

None

Published: May 13, 2011 (5480 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

CWE

CWE-79

Affected Products

apache strutsopensymphony webworkopensymphony xwork

References

🔗 jvn.jp 🔗 jvndb.jvn.jp 🔗 secureappdev.blogspot.com 🔗 secureappdev.blogspot.com 🔗 struts.apache.org

CVE-2011-1772

Vulnerability Report

Description

CWE

Affected Products

References