VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-parent@2.2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4bqg-76fv-3kcd Aliases: CVE-2011-2087 GHSA-5pgj-r7c6-7c7w	Apache Struts Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a `.action` URI, related to improper handling of value attributes in 1. `FileHandler.java` 1. `HiddenHandler.java` 1. `PasswordHandler.java` 1. `RadioHandler.java` 1. `ResetHandler.java` 1. `SelectHandler.java` 1. `SubmitHandler.java` 1. `TextFieldHandler.java`	2.2.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c4ag-2wfu-53ew Aliases: CVE-2012-1006 GHSA-cmpm-jg8r-fv37	Apache Struts Multiple Cross-site Scripting Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to `struts2-showcase/person/editPerson.action`, or the (3) clientName parameter to `struts2-rest-showcase/orders`.	2.2.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nmgp-r7hb-5ke1 Aliases: CVE-2012-0391 GHSA-4wrr-9h5r-m92w	The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.	2.2.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tcaj-6bcg-k7g2 Aliases: CVE-2016-3090 GHSA-ggmp-fxfg-277r	Improper Input Validation The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.	2.3.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4bqg-76fv-3kcd
Aliases:
CVE-2011-2087
GHSA-5pgj-r7c6-7c7w

Apache Struts Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a `.action` URI, related to improper handling of value attributes in 1. `FileHandler.java` 1. `HiddenHandler.java` 1. `PasswordHandler.java` 1. `RadioHandler.java` 1. `ResetHandler.java` 1. `SelectHandler.java` 1. `SubmitHandler.java` 1. `TextFieldHandler.java`

2.2.3
Affected by 3 other vulnerabilities.

VCID-c4ag-2wfu-53ew
Aliases:
CVE-2012-1006
GHSA-cmpm-jg8r-fv37

Apache Struts Multiple Cross-site Scripting Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to `struts2-showcase/person/editPerson.action`, or the (3) clientName parameter to `struts2-rest-showcase/orders`.

2.2.3.1
Affected by 1 other vulnerability.

VCID-nmgp-r7hb-5ke1
Aliases:
CVE-2012-0391
GHSA-4wrr-9h5r-m92w

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

2.2.3.1
Affected by 1 other vulnerability.

VCID-tcaj-6bcg-k7g2
Aliases:
CVE-2016-3090
GHSA-ggmp-fxfg-277r

Improper Input Validation The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

2.3.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:53:40.644405+00:00	GitLab Importer	Affected by	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.4.0
2026-04-16T21:52:51.330574+00:00	GitLab Importer	Affected by	VCID-4bqg-76fv-3kcd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2011-2087.yml	38.4.0
2026-04-16T21:51:12.245433+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.4.0
2026-04-16T21:46:37.823934+00:00	GitLab Importer	Affected by	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.4.0
2026-04-11T23:09:06.943726+00:00	GitLab Importer	Affected by	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.3.0
2026-04-11T23:08:28.519572+00:00	GitLab Importer	Affected by	VCID-4bqg-76fv-3kcd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2011-2087.yml	38.3.0
2026-04-11T23:07:16.918224+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.3.0
2026-04-11T23:02:24.997476+00:00	GitLab Importer	Affected by	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.3.0
2026-04-02T23:17:48.877689+00:00	GitLab Importer	Affected by	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.1.0
2026-04-02T23:17:04.058864+00:00	GitLab Importer	Affected by	VCID-4bqg-76fv-3kcd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2011-2087.yml	38.1.0
2026-04-02T23:15:29.510065+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.1.0
2026-04-02T23:10:50.982015+00:00	GitLab Importer	Affected by	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.1.0
2026-04-01T17:38:03.029935+00:00	GitLab Importer	Affected by	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.0.0
2026-04-01T17:37:12.311933+00:00	GitLab Importer	Affected by	VCID-4bqg-76fv-3kcd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2011-2087.yml	38.0.0
2026-04-01T17:35:31.088938+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.0.0
2026-04-01T17:30:40.506296+00:00	GitLab Importer	Affected by	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.0.0