3 matches found
Code injection in Apache Struts
A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. both the s:url and s:a tag provide an includeParams attribute. The main scope of that attribute is to understand whether includes...
Cross-site Scripting (XSS)
struts2-core is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the improper handling of double quote characters in the href attribute of the s:a tag, as well as the parameters in the action attribute of the s:url tag, allowing XSS attacks...
CVE-2008-6682
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of 1 " double quote characters in the href attribute of an s:a tag and 2...