2549 matches found

OSV, added 2022/05/14 2:50 a.m., 28 views

GHSA-H4V9-JF2R-9H6M Cross-Site Request Forgery in Apache Struts

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVSS 6.8 | AI score 6.3 | EPSS 0.03486
Exploits 0 | References 8
Github Security Blog, added 2022/05/14 2:50 a.m., 57 views

Cross-Site Request Forgery in Apache Struts

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVSS 6.8 | AI score 7.8 | EPSS 0.03486
Exploits 0 | References 8 | Affected software 1
OSV, added 2022/05/14 2:21 a.m., 2 views

GHSA-9848-V244-962P Withdrawn Advisory: Apache Struts XSS

Withdrawn Advisory: This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. Original Description: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML...

CVSS 4.3 | AI score 7.2 | EPSS 0.337
Exploits 1 | References 2
Github Security Blog, added 2022/05/14 2:21 a.m., 31 views

Withdrawn Advisory: Apache Struts XSS

Withdrawn Advisory: This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. Original Description: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML...

CVSS 4.3 | AI score 7.2 | EPSS 0.337
Exploits 1 | References 3 | Affected software 2
vulnersOsv, added 2022/05/14 1:57 a.m., 3 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2134 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core (Maven), versions =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more. Source CVEs: CVE-2013-2134. Source advisory: OSV:GHSA-GQQM-564F-VVXQ...

CVSS 9.3 | AI score 7.2 | EPSS 0.70211
Exploits 1
vulnersOsv, added 2022/05/14 1:57 a.m., 2 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +207 more potentially affected by CVE-2015-5169 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.1.2)

org.apache.struts:struts2-core (Maven), versions =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more. Source CVEs: CVE-2015-5169. Source advisory: OSV:GHSA-VWHV-J36G-5RM8...

CVSS 6.1 | AI score 6.6 | EPSS 0.08027
Exploits 0
OSV, added 2022/05/14 1:57 a.m., 1 view

GHSA-GQQM-564F-VVXQ Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

CVSS 9.3 | AI score 7.5 | EPSS 0.70211
Exploits 1 | References 19
OSV, added 2022/05/14 1:57 a.m., 25 views

GHSA-VWHV-J36G-5RM8 Cross-site Scripting in Apache Struts

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also, if JSP files are exposed to direct access, it is possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...

CVSS 6.1 | AI score 6.3 | EPSS 0.08027
Exploits 0 | References 7
Github Security Blog, added 2022/05/14 1:57 a.m., 42 views

Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

CVSS 9.3 | AI score 7.7 | EPSS 0.70211
Exploits 1 | References 19 | Affected software 2
Github Security Blog, added 2022/05/14 1:57 a.m., 27 views

Cross-site Scripting in Apache Struts

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also, if JSP files are exposed to direct access, it is possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...

CVSS 6.1 | AI score 7 | EPSS 0.08027
Exploits 0 | References 7 | Affected software 1
vulnersOsv, added 2022/05/14 1:57 a.m., 2 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +133 more potentially affected by CVE-2013-2135 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.14.2)

org.apache.struts:struts2-core (Maven), versions =2.0.11, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1; com.google.inject.extensions:guice-struts2-plugin =2.0; com.google.inject.integration:guice-struts2-plugin =1.0; com.googlecode.rapid-framework:rapid-core =4.0 and more. Source CVEs:...

CVSS 9.3 | AI score 7.2 | EPSS 0.13828
Exploits 0
vulnersOsv, added 2022/05/14 1:57 a.m., 2 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2135 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core (Maven), versions =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more. Source CVEs: CVE-2013-2135. Source advisory: OSV:GHSA-PW8R-X2QM-3H5M...

CVSS 9.3 | AI score 7.2 | EPSS 0.13828
Exploits 0
OSV, added 2022/05/14 1:57 a.m., 41 views

GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single-byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a URL-encoded parameter...

CVSS 6.1 | AI score 6 | EPSS 0.12018
Exploits 0 | References 11
OSV, added 2022/05/14 1:57 a.m., 1 view

GHSA-PW8R-X2QM-3H5M Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

CVSS 9.3 | AI score 6.2 | EPSS 0.13828
Exploits 0 | References 17
Github Security Blog, added 2022/05/14 1:57 a.m., 51 views

Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

CVSS 9.3 | AI score 8 | EPSS 0.13828
Exploits 0 | References 17 | Affected software 2
Github Security Blog, added 2022/05/14 1:57 a.m., 22 views

Cross-site Scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single-byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a URL-encoded parameter...

CVSS 6.1 | AI score 4.8 | EPSS 0.12018
Exploits 0 | References 11 | Affected software 1
OSV, added 2022/05/14 1:51 a.m., 26 views

GHSA-MWRX-HX6X-3HHV Apache Struts Code injection due to conversion error

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

CVSS 10 | AI score 9.4 | EPSS 0.14032
Exploits 0 | References 9
vulnersOsv, added 2022/05/14 1:51 a.m., 3 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0838 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core (Maven), versions =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1; io.forestframework:guice-struts2 =5.0.1.1 and more. Source CVEs: CVE-2012-0838. Source advisory: OSV:GHSA-MWRX-HX6X-3HHV...

CVSS 10 | AI score 7.2 | EPSS 0.14032
Exploits 0
Github Security Blog, added 2022/05/14 1:51 a.m., 29 views

Apache Struts Code injection due to conversion error

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

CVSS 10 | AI score 9.3 | EPSS 0.14032
Exploits 0 | References 9 | Affected software 2
OSV, added 2022/05/14 1:5 a.m., 1 view

GHSA-864W-R5QJ-H6FJ Apache Struts forced double OGNL evaluation

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 8.8 | AI score 7.6 | EPSS 0.08341
Exploits 0 | References 4