Struts Security Vulnerabilities and Issues — Struts CVE List

Lucene search

ApacheStruts

9 matches found

CVE•added 2012/02/07 4:9 a.m.•98 views

CVE-2012-1007

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/pr...

4.3CVSS7.6AI score0.17686EPSS

CVE•added 2006/03/30 10:2 p.m.•78 views

CVE-2006-1548

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the r...

4.3CVSS5.6AI score0.08769EPSS

CVE•added 2005/11/22 11:3 a.m.•71 views

CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

4.3CVSS5.7AI score0.55839EPSS

CVE•added 2009/04/09 3:8 p.m.•64 views

CVE-2008-2025

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web scr...

4.3CVSS6.6AI score0.02467EPSS

CVE•added 2009/04/09 3:8 p.m.•63 views

CVE-2007-6726

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

4.3CVSS5.8AI score0.01495EPSS

CVE•added 2012/02/07 4:9 a.m.•59 views

CVE-2012-1006

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/order...

4.3CVSS5.6AI score0.83896EPSS

CVE•added 2013/11/02 9:55 p.m.•58 views

CVE-2013-6348

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

4.3CVSS5.8AI score0.06815EPSS

CVE•added 2009/04/09 3:8 p.m.•50 views

CVE-2008-6682

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2...

4.3CVSS5.7AI score0.01223EPSS

CVE•added 2011/05/13 5:5 p.m.•45 views

CVE-2011-2087

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling ...

4.3CVSS5.8AI score0.01391EPSS