VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-parent@2.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.struts/struts2-parent@2.2

purl	pkg:maven/org.apache.struts/struts2-parent@2.2
Tags	Ghost

Next non-vulnerable version	2.3.20
Latest non-vulnerable version	2.3.20
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-c4ag-2wfu-53ew Aliases: CVE-2012-1006 GHSA-cmpm-jg8r-fv37	Apache Struts Multiple Cross-site Scripting Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to `struts2-showcase/person/editPerson.action`, or the (3) clientName parameter to `struts2-rest-showcase/orders`.	2.2.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:15.109955+00:00	GHSA Importer	Affected by	VCID-c4ag-2wfu-53ew	https://github.com/advisories/GHSA-cmpm-jg8r-fv37	38.1.0
2026-04-03T21:25:55.751839+00:00	GitLab Importer	Affected by	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.1.0