Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Struts javatemplates插件组件处理程序多个跨站脚本攻击漏洞
Vulnerability Description
Apache Struts是美国阿帕奇(Apache)软件基金会负责维护的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。 Apache Struts 2.2.3之前的2.x版本的javatemplates (也称为Java Templates)插件中的组件处理程序中存在多个跨站脚本攻击漏洞。远程攻击者可以借助.action URI的任意参数值,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A