4 matches found
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Devmode Remote Command Execution Vulnerability in Elevator Engineering Management System
Elevator project management system is to establish an informatization system applicable to elevator enterprises, which collects elevator business data from various departments in time, has good data communication and exchange capability, standardized management process, unified management model,...
JVN#92395431: Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that proof-of-concept co...
JVN#95989300: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...