发布时间: 2022年7月30日
修改时间: 2022年7月30日
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 2.6 | 2.6 |
| Attack Vector | Network | Network |
| Attack Complexity | High | High |
| Privileges Required | ||
| User Interaction | ||
| Scope | ||
| Confidentiality | None | None |
| Integrity | ||
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1709 | Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. | 2022年7月30日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | struts | Unaffected |
| KY3.4-5 | struts | Unaffected |
| KY3.5.1 | struts | Unaffected |
