3 matches found
CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...
PT-2026-1915
Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 before 2.2.1 Apache Struts versions 2.2.1 through 6.1.0 Description The issue is a missing XML validation in Apache Struts, specifically within the XWork component. This allows for XML External Entity XXE injection...
The vulnerability in the implementation of the OGNL expression transformation class for XWork command structures on the Apache Struts software platform allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the OGNL expression transformation class implementation in the XWork expression structure of the Apache Struts software framework is related to deficiencies in access control when using the ParametersInterceptor class with the parameter. Exploiting this vulnerability allows a...