7 matches found
K17449: Apache Struts 2 vulnerability CVE-2015-5169
Security Advisory Description Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...
CVE-2015-5169
Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20...
CVE-2015-5169
Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20...
CVE-2015-5169
Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20...
CVE-2015-5169
Apache Struts is affected by an XSS vulnerability (CVE-2015-5169) present in Struts versions prior to 2.3.20. When debug mode is enabled, specially crafted inputs can trigger arbitrary script execution in a victim’s browser in the context of the web application. Public advisories and vendor notes...
SOL17449 - Apache Struts 2 vulnerability CVE-2015-5169
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)
The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...