Maven package

org.apache.struts/struts2-parent

pkg:maven/org.apache.struts/struts2-parent

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-3090	Hig	8.8	>= 2.0.0, < 2.3.20	2.3.20	Oct 30, 2017	The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
CVE-2012-1006		—	< 2.1.2	2.1.2	Feb 7, 2012	Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-
CVE-2011-2087		—	< 2.2.3	2.2.3	May 13, 2011	Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to

CVE-2016-3090HigOct 30, 2017
affected >= 2.0.0, < 2.3.20fixed 2.3.20
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
CVE-2012-1006Feb 7, 2012
affected < 2.1.2fixed 2.1.2
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-
CVE-2011-2087May 13, 2011
affected < 2.2.3fixed 2.2.3
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to