55 matches found
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and results are used with no namespace while, at the same time, the upper package has no namespace or a wildcard namespace...
CVE-2025-11776
creationtimestamp | type | source
---|---|---
2025-11-14 09:08:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5ldgjfu7j2u
2025-11-14 10:41:32+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5lijovga3c2...
CVE-2024-11776
The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11776
creationtimestamp | type | source
---|---|---
2024-12-20 02:44:57+00:00 | seen | https://infosec.exchange/users/cve/statuses/113682854525386646
2024-12-20 03:15:59+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpgcgtfo22g
2024-12-20 05:02:12+00:00 | seen | ...
CVE-2024-11776 PCRecruiter Extensions <= 1.4.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
australiafair.com.au Cross Site Scripting vulnerability OBB-3770117
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
K60499474: Apache Struts vulnerability CVE-2018-11776
Security Advisory Description: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace while, at the same time, their upper actions have no namespace or a wildcard namespace. The same is possible when using a url tag which doesn't have value and...
leadform.batscrm.com Cross Site Scripting vulnerability OBB-1408944
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...
Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)
The 13.3.0.0, 13.4.0.0, and 12.1.0.5 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager...
CVE-2020-11776
CVE-2020-11776 is a stored XSS vulnerability affecting NETGEAR routers: D7800 (before 1.0.1.56), R7500v2 (before 1.0.3.46), R7800 (before 1.0.2.68), R8900 (before 1.0.4.28), R9000 (before 1.0.4.28), RAX120 (before 1.0.0.78), XR500 (before 2.3.2.56), and XR700 (before 1.0.1.10). Root cause is inpu...
Exploit for CVE-2018-11776
GitHub Security Lab This is the main git repository of GitHu...
Exploit for CVE-2018-11776
Apache-Struts-0Day-Exploit Critical Remote Code Execution...
CVE-2019-11776
The CVE-2019-11776 entry affects Eclipse BIRT Report Viewer (versions 1.0–4.7). The underlying issue is a reflected XSS in a URL parameter (notably the __format parameter in the Report Viewer) that allows an attacker to inject JavaScript executed in the victim’s browser context. This is caused by...
CVE-2019-11776
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context...
Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty
Summary: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed a publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details: CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +227 more potentially affected by CVE-2018-11776 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.34)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2018-11776 Source advisory: OSV:GHSA-CR6J-3JP9-RW65...
Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)
Summary: IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details: CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error...