Devmode Remote Command Execution Vulnerability in Elevator Engineering Management System

Elevator project management system is to establish an informatization system applicable to elevator enterprises, which collects elevator business data from various departments in time, has good data communication and exchange capability, standardized management process, unified management model,...

JVN#92395431: Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that proof-of-concept co...

JVN#95989300: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...