Miggo Logo
Miggo Vulnerability Database
CVE-2011-2087

CVE-2011-2087:
Apache Struts Multiple XSS Vulnerabilities

4.3

CVSS Score

Basic Information

CVE ID
CVE-2011-2087
GHSA ID
GHSA-5pgj-r7c6-7c7w
EPSS Score
0.79499%
CWE
CWE-79
Published
5/17/2022
Updated
1/19/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.struts:struts2-parentmaven< 2.2.32.2.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the changes made in the GitHub commit to fix the XSS vulnerability. The generate() methods in the affected classes were identified as vulnerable due to the improper handling of the 'value' attribute. The changes to remove the 'false' parameter from addIfExists() calls indicate a fix to properly handle (likely escape) the attribute values, mitigating the XSS vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* *ross-sit* s*riptin* (XSS) vuln*r**iliti*s in *ompon*nt **n*l*rs in t** j*v*t*mpl*t*s (*k* J*v* T*mpl*t*s) plu*in in *p**** Struts *.x ***or* *.*.* *llow r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML vi* *n *r*itr*ry p*r*m*t*r v*lu

Reasoning

T** *n*lysis is **s** on t** ***n**s m*** in t** *it*u* *ommit to *ix t** XSS vuln*r**ility. T** **n*r*t*() m*t*o*s in t** *****t** *l*ss*s w*r* i**nti*i** *s vuln*r**l* *u* to t** improp*r **n*lin* o* t** 'v*lu*' *ttri*ut*. T** ***n**s to r*mov* t**