{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2011-2087","title":"Title"},{"category":"description","text":"Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2011-2087","url":"https://www.suse.com/security/cve/CVE-2011-2087"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 693976 for CVE-2011-2087","url":"https://bugzilla.suse.com/693976"},{"category":"external","summary":"SUSE Bug 740470 for CVE-2011-2087","url":"https://bugzilla.suse.com/740470"}],"title":"SUSE CVE CVE-2011-2087","tracking":{"current_release_date":"2023-02-15T05:53:05Z","generator":{"date":"2023-02-15T05:53:05Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2011-2087","initial_release_date":"2023-02-15T05:53:05Z","revision_history":[{"date":"2023-02-15T05:53:05Z","number":"2","summary":"Current version"}],"status":"interim","version":"2"}}}