3 matches found
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +207 more potentially affected by CVE-2015-2992 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.1.2)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2015-2992 Source advisory: OSV:GHSA-265R-PP83-GWW7...
CVE-2015-2992
Apache Struts CVE-2015-2992 is an XSS vulnerability in Struts before 2.3.20, caused by improper validation of user input when JSP files are accessed directly. Exploitation could allow a remote attacker to run scripts in the victim’s browser and steal cookies. Affected products/versions include St...
CVE-2015-2992
Apache Struts before 2.3.20 has a cross-site scripting XSS vulnerability...