Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4bqg-76fv-3kcd

Summary

Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a `.action` URI, related to improper handling of value attributes in 
1. `FileHandler.java`
1. `HiddenHandler.java`
1. `PasswordHandler.java`
1. `RadioHandler.java`
1. `ResetHandler.java`
1. `SelectHandler.java`
1. `SubmitHandler.java`
1. `TextFieldHandler.java`

Aliases

alias	CVE-2011-2087

alias	GHSA-5pgj-r7c6-7c7w

Fixed_packages

url pkg:maven/org.apache.struts/struts2-parent@2.2.3

purl pkg:maven/org.apache.struts/struts2-parent@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.2.3

Affected_packages

url pkg:maven/org.apache.struts/struts2-parent@2.0.5

purl pkg:maven/org.apache.struts/struts2-parent@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.5

url pkg:maven/org.apache.struts/struts2-parent@2.0.6

purl pkg:maven/org.apache.struts/struts2-parent@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.6

url pkg:maven/org.apache.struts/struts2-parent@2.0.8

purl pkg:maven/org.apache.struts/struts2-parent@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.8

url pkg:maven/org.apache.struts/struts2-parent@2.0.9

purl pkg:maven/org.apache.struts/struts2-parent@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.9

url pkg:maven/org.apache.struts/struts2-parent@2.0.11

purl pkg:maven/org.apache.struts/struts2-parent@2.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.11

url pkg:maven/org.apache.struts/struts2-parent@2.0.11.1

purl pkg:maven/org.apache.struts/struts2-parent@2.0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.11.1

url pkg:maven/org.apache.struts/struts2-parent@2.0.11.2

purl pkg:maven/org.apache.struts/struts2-parent@2.0.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.11.2

url pkg:maven/org.apache.struts/struts2-parent@2.0.12

purl pkg:maven/org.apache.struts/struts2-parent@2.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.12

url pkg:maven/org.apache.struts/struts2-parent@2.0.14

purl pkg:maven/org.apache.struts/struts2-parent@2.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.0.14

url pkg:maven/org.apache.struts/struts2-parent@2.1.2

purl pkg:maven/org.apache.struts/struts2-parent@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.1.2

url pkg:maven/org.apache.struts/struts2-parent@2.1.6

purl pkg:maven/org.apache.struts/struts2-parent@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.1.6

url pkg:maven/org.apache.struts/struts2-parent@2.1.8

purl pkg:maven/org.apache.struts/struts2-parent@2.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.1.8

url pkg:maven/org.apache.struts/struts2-parent@2.1.8.1

purl pkg:maven/org.apache.struts/struts2-parent@2.1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.1.8.1

url pkg:maven/org.apache.struts/struts2-parent@2.2.1

purl pkg:maven/org.apache.struts/struts2-parent@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.2.1

url pkg:maven/org.apache.struts/struts2-parent@2.2.1.1

purl pkg:maven/org.apache.struts/struts2-parent@2.2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4bqg-76fv-3kcd

vulnerability	VCID-c4ag-2wfu-53ew

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-tcaj-6bcg-k7g2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-parent@2.2.1.1

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2087.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2087.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2087

reference_id

reference_type

scores

value	0.01391
scoring_system	epss
scoring_elements	0.80399
published_at	2026-04-21T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80328
published_at	2026-04-07T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80356
published_at	2026-04-08T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80367
published_at	2026-04-09T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80385
published_at	2026-04-11T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.8037
published_at	2026-04-12T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80364
published_at	2026-04-13T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80393
published_at	2026-04-16T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80395
published_at	2026-04-18T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80312
published_at	2026-04-01T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80319
published_at	2026-04-02T12:55:00Z

value	0.01391
scoring_system	epss
scoring_elements	0.80339
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2087

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/1736b56db702c6639a6d5ae1146dba5a262e3344

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1736b56db702c6639a6d5ae1146dba5a262e3344

reference_url

https://issues.apache.org/jira/browse/WW-3597

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3597

reference_url

https://issues.apache.org/jira/browse/WW-3608

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3608

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2087

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2087

reference_url

http://struts.apache.org/2.2.3/docs/version-notes-223.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.2.3/docs/version-notes-223.html

reference_url	http://www.vupen.com/english/advisories/2011/1198
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/1198

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=723828
reference_id	723828
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=723828

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url

https://github.com/advisories/GHSA-5pgj-r7c6-7c7w

reference_id

GHSA-5pgj-r7c6-7c7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5pgj-r7c6-7c7w

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bqg-76fv-3kcd

Vulnerability Instance