Lucene search

PRIOn knowledge basePRION:CVE-2013-6348

HistoryNov 02, 2013 - 9:55 p.m.

Cross site scripting

2013-11-0221:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

CPENameOperatorVersion
strutseq2.3.15.3

CPE	Name	Operator	Version
	struts	eq	2.3.15.3

References

en.wooyun.org/bugs/wooyun-2013-034?2592

osvdb.org/99047

osvdb.org/99048

packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2013/Oct/244

www.securitytracker.com/id/1029266