-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.struts:struts2-parent | maven | < 2.2.3 | 2.2.3 |
JavaJavaMiggo AIRoot Cause AnalysisThe analysis is based on the changes made in the GitHub commit to fix the XSS vulnerability. The generate() methods in the affected classes were identified as vulnerable due to the improper handling of the 'value' attribute. The changes to remove the 'false' parameter from addIfExists() calls indicate a fix to properly handle (likely escape) the attribute values, mitigating the XSS vulnerability.
Ongoing coverage of React2Shell