
9 matches found

OSV
added 2022/05/17 3:42 a.m. | 23 views

GHSA-PVM9-288C-V5WQ Remote Code Execution in Apache Struts

XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.24626
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/17 3:42 a.m. | 31 views

Remote Code Execution in Apache Struts

XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code...

CVSS: 10 | AI score: 3.3 | EPSS: 0.24626
Exploits: 0 | References: 3 | Affected Software: 1

Check Point Advisories
added 2016/05/22 12:0 a.m. | 7 views

Apache Struts XSLTResult File Inclusion (CVE-2016-3082)

A file inclusion vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to a failure to validate user input when a stylesheet is passed as a request parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...

CVSS: 10 | AI score: 8.8 | EPSS: 0.24626
Exploits: 0

Tenable Nessus
added 2016/04/28 12:0 a.m. | 135 views

Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities

The version of Apache Struts running on the remote host is 2.x prior to 2.3.28.1. It is, therefore, affected by the following vulnerabilities: - An unspecified flaw exists, related to chained expressions, when Dynamic Method Invocation (DMI) is enabled. An unauthenticated, remote attacker can...

CVSS: 10 | AI score: 8.7 | EPSS: 0.94171
Exploits: 16 | References: 7

CNVD
added 2016/04/27 12:0 a.m. | 1 views

Apache Struts XSLTResult Arbitrary Code Execution Vulnerability

Apache Struts is an open source framework for creating enterprise-class Java Web applications, maintained by the Apache Software Foundation in the United States. A security vulnerability exists in XSLTResult in Apache Struts versions 2.0.0 through 2.3.28, which can be exploited by...

CVSS: 10 | AI score: 9.8 | EPSS: 0.24626
Exploits: 0 | References: 1

NVD
added 2016/04/26 2:59 p.m. | 17 views

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...

CVSS: 10 | AI score: 9.8 | EPSS: 0.24626
Exploits: 0 | References: 3

UbuntuCve
added 2016/04/26 2:59 p.m. | 25 views

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...

CVSS: 10 | AI score: 7.3 | EPSS: 0.24626
Exploits: 0 | References: 3

Cvelist
added 2016/04/26 2:0 p.m. | 25 views

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...

AI score: 9.7 | EPSS: 0.24626
Exploits: 0 | References: 3

securityvulns
added 2012/04/09 12:0 a.m. | 58 views

struts2 xsltResult Local code execution vulnerability

the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location"); path = pathFromRequest; URL resource =...

AI score: 0.1
Exploits: 0