2549 matches found

vulnersOsv
added 2022/05/04 12:29 a.m. | 3 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0392 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0392 Source advisory: OSV:GHSA-2PPP-XJ34-VVF7...

CVSS 6.8 | AI score 7.2 | EPSS 0.96787
Exploits: 1
vulnersOsv
added 2022/05/04 12:29 a.m. | 3 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +80 more potentially affected by CVE-2012-0391 via org.apache.struts:struts2-core (>=2.0.5 <=2.2.3)

org.apache.struts:struts2-core MAVEN version =2.0.5, =1.2.1, =0.6, =3.0, =2.4.0, =2.1.0, =3.1.1 and more Source cves: CVE-2012-0391 Source advisory: OSV:GHSA-4WRR-9H5R-M92W...

CVSS 9.8 | AI score 7.5 | EPSS 0.75071
Exploits: 11
Github Security Blog
added 2022/05/04 12:29 a.m. | 24 views

Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

CVSS 6.4 | AI score 6.9 | EPSS 0.38261
Exploits: 1 | References: 10 | Affected Software: 2
Github Security Blog
added 2022/05/04 12:29 a.m. | 26 views

Apache Struts's CookieInterceptor component does not use the parameter-name whitelist

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8 | AI score 8.5 | EPSS 0.96787
Exploits: 1 | References: 10 | Affected Software: 2
Github Security Blog
added 2022/05/04 12:29 a.m. | 30 views

Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

CVSS 6.8 | AI score 9.4 | EPSS 0.74405
Exploits: 9 | References: 11 | Affected Software: 1
Github Security Blog
added 2022/05/04 12:29 a.m. | 31 views

Apache Struts Remote Java Code Execution

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

CVSS 9.8 | AI score 7.6 | EPSS 0.75071
Exploits: 11 | References: 13 | Affected Software: 2
vulnersOsv
added 2022/05/04 12:29 a.m. | 8 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0391 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0391 Source advisory: OSV:GHSA-4WRR-9H5R-M92W...

CVSS 9.8 | AI score 7.1 | EPSS 0.75071
Exploits: 11
OSV
added 2022/05/04 12:29 a.m. | 25 views

GHSA-4WRR-9H5R-M92W Apache Struts Remote Java Code Execution

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

CVSS 9.8 | AI score 8.7 | EPSS 0.75071
Exploits: 11 | References: 13
vulnersOsv
added 2022/05/04 12:29 a.m. | 3 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +202 more potentially affected by CVE-2012-0393 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.16.3)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2012-0393 Source advisory: OSV:GHSA-HXQQ-W4MR-MC62...

CVSS 6.4 | AI score 7.5 | EPSS 0.38261
Exploits: 1
OSV
added 2022/05/04 12:29 a.m. | 21 views

GHSA-2PPP-XJ34-VVF7 Apache Struts's CookieInterceptor component does not use the parameter-name whitelist

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8 | AI score 9.7 | EPSS 0.96787
Exploits: 1 | References: 10
OSV
added 2022/05/04 12:29 a.m. | 25 views

GHSA-HMVJ-GC9Q-MG9P Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

CVSS 6.8 | AI score 9.6 | EPSS 0.74405
Exploits: 9 | References: 11
OSV
added 2022/05/04 12:29 a.m. | 21 views

GHSA-HXQQ-W4MR-MC62 Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

CVSS 6.4 | AI score 9.1 | EPSS 0.38261
Exploits: 1 | References: 10
OpenVAS
added 2022/05/04 12:0 a.m. | 31 views

Apache Struts Security Update (S2-062) - Active Check

Apache Struts is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.6 | EPSS 0.99999
Exploits: 60 | References: 3
OSV
added 2022/05/02 3:23 a.m. | 5 views

GHSA-2C6Q-RGVJ-66RX Apache Tiles Vulnerable to XSS via EL Expression Injection

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to th...

CVSS 6.8 | AI score 5.9 | EPSS 0.02811
Exploits: 0 | References: 2
Check Point Advisories
added 2022/05/02 12:0 a.m. | 10 views

Apache Struts Remote Code Execution (CVE-2021-31805)

A remote code execution vulnerability exists in Apache Struts. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.7 | EPSS 0.85101
Exploits: 7
Github Security Blog
added 2022/05/01 11:46 p.m. | 27 views

Apache Struts Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web scrip...

CVSS 4.3 | AI score 6 | EPSS 0.07911
Exploits: 1 | References: 9 | Affected Software: 1
vulnersOsv
added 2022/05/01 11:46 p.m. | 3 views

com.octo.captcha:jcaptcha-all (=1.0-RC-2.0.1), com.thesett:struts-tools (>=0.8-M1 <=0.9.117) +33 more potentially affected by CVE-2008-2025 via struts:struts (>=1.1 <=1.2.8)

struts:struts MAVEN version =1.1, =0.8-M1, =0.9.0, =1.0.0, =3.2, =3.2, =3.2, =3.2, =1.1.5, =1.0.3, =1.0.4 and more Source cves: CVE-2008-2025 Source advisory: OSV:GHSA-WCGX-2HVX-5CWR...

CVSS 4.3 | AI score 7.2 | EPSS 0.07911
Exploits: 1
OSV
added 2022/05/01 11:46 p.m. | 22 views

GHSA-WCGX-2HVX-5CWR Apache Struts Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web scrip...

CVSS 4.3 | AI score 6.7 | EPSS 0.07911
Exploits: 1 | References: 9
Github Security Blog
added 2022/05/01 6:45 p.m. | 27 views

Apache Struts Dojo Plugin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xipclient.html and (2) xipserver.html in src/io/...

CVSS 4.3 | AI score 6 | EPSS 0.03447
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/05/01 6:45 p.m. | 18 views

GHSA-RM26-W253-9QV7 Apache Struts Dojo Plugin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xipclient.html and (2) xipserver.html in src/io/...

CVSS 4.3 | AI score 5.6 | EPSS 0.03447
Exploits: 0 | References: 8