Lucene search
K
OpensymphonyXwork

4 matches found

CVE
CVE
added 2009/03/23 2:0 p.m.102 views

CVE-2008-6504

CVE-2008-6504 affects OpenSymphony XWork (ParameterInterceptor) used in Apache Struts: OGNL refs to # context objects are not properly restricted, enabling remote OGNL evaluation and modification of server-side objects. Affected: XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2; vulnerability ...

5CVSS6.8AI score0.394EPSS
CVE
CVE
added 2007/08/28 1:0 a.m.101 views

CVE-2007-4556

OpenSymphony XWork (used by WebWork and Apache Struts) before 1.2.3, and 2.x before 2.0.4, evaluates inputs as OGNL expressions when altSyntax is enabled. The underlying issue is recursive OGNL processing, which can lead to a denial of service (infinite loop) and, in some cases, remote code execu...

6.8CVSS7.7AI score0.25749EPSS
CVE
CVE
added 2011/05/13 5:0 p.m.94 views

CVE-2011-1772

CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...

2.6CVSS5.5AI score0.33111EPSS
CVE
CVE
added 2011/05/13 5:0 p.m.68 views

CVE-2011-2088

CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...

5CVSS5.9AI score0.0614EPSS