Lucene search
+L

Missing XML Validation

🗓️ 17 Feb 2026 13:35:11Reported by Veracode Vulnerability DatabaseType 
veracode
 veracode
🔗 sca.analysiscenter.veracode.com👁 10 Views

Apache Struts has a missing XML validation vulnerability allowing crafted XML to bypass controls.

Related
Detection
Refs
Vulners
Node
OR
apachestruts2-coreRange6.0.06.0.3java
apachestruts2-coreRange2.0.52.3.37java
apachestruts2-coreRange2.5-atlassian-1-atlassian-12.5.33java
apachestruts2-coreMatch2.0.11java
apachestruts2-coreMatch2.0.11.1java
apachestruts2-coreMatch2.0.11.2java
apachestruts2-coreMatch2.0.12java
apachestruts2-coreMatch2.0.14java
apachestruts2-coreMatch2.0.5java
apachestruts2-coreMatch2.0.6java
apachestruts2-coreMatch2.0.8java
apachestruts2-coreMatch2.0.9java
apachestruts2-coreMatch2.1.2java
apachestruts2-coreMatch2.1.6java
apachestruts2-coreMatch2.1.8java
apachestruts2-coreMatch2.1.8.1java
apachestruts2-coreMatch2.2.1java
apachestruts2-coreMatch2.2.1.1java
apachestruts2-coreMatch2.2.3java
apachestruts2-coreMatch2.2.3.1java
apachestruts2-coreMatch2.3.1java
apachestruts2-coreMatch2.3.1.1java
apachestruts2-coreMatch2.3.1.2java
apachestruts2-coreMatch2.3.12java
apachestruts2-coreMatch2.3.14java
apachestruts2-coreMatch2.3.14.1java
apachestruts2-coreMatch2.3.14.2java
apachestruts2-coreMatch2.3.14.3java
apachestruts2-coreMatch2.3.15java
apachestruts2-coreMatch2.3.15.1java
apachestruts2-coreMatch2.3.15.2java
apachestruts2-coreMatch2.3.15.3java
apachestruts2-coreMatch2.3.16java
apachestruts2-coreMatch2.3.16.1java
apachestruts2-coreMatch2.3.16.2java
apachestruts2-coreMatch2.3.16.3java
apachestruts2-coreMatch2.3.20java
apachestruts2-coreMatch2.3.20.1java
apachestruts2-coreMatch2.3.20.3java
apachestruts2-coreMatch2.3.24java
apachestruts2-coreMatch2.3.24.1java
apachestruts2-coreMatch2.3.24.3java
apachestruts2-coreMatch2.3.28java
apachestruts2-coreMatch2.3.28.1java
apachestruts2-coreMatch2.3.29java
apachestruts2-coreMatch2.3.3java
apachestruts2-coreMatch2.3.30java
apachestruts2-coreMatch2.3.31java
apachestruts2-coreMatch2.3.32java
apachestruts2-coreMatch2.3.33java
apachestruts2-coreMatch2.3.34java
apachestruts2-coreMatch2.3.35java
apachestruts2-coreMatch2.3.36java
apachestruts2-coreMatch2.3.4java
apachestruts2-coreMatch2.3.4.1java
apachestruts2-coreMatch2.3.7java
apachestruts2-coreMatch2.3.8java
apachestruts2-coreMatch2.5java
apachestruts2-coreMatch2.5.1java
apachestruts2-coreMatch2.5.10java
apachestruts2-coreMatch2.5.10.1java
apachestruts2-coreMatch2.5.12java
apachestruts2-coreMatch2.5.13java
apachestruts2-coreMatch2.5.14java
apachestruts2-coreMatch2.5.14.1java
apachestruts2-coreMatch2.5.16java
apachestruts2-coreMatch2.5.17java
apachestruts2-coreMatch2.5.18java
apachestruts2-coreMatch2.5.2java
apachestruts2-coreMatch2.5.20java
apachestruts2-coreMatch2.5.22java
apachestruts2-coreMatch2.5.25java
apachestruts2-coreMatch2.5.26java
apachestruts2-coreMatch2.5.27java
apachestruts2-coreMatch2.5.28java
apachestruts2-coreMatch2.5.28.1java
apachestruts2-coreMatch2.5.28.2java
apachestruts2-coreMatch2.5.28.3java
apachestruts2-coreMatch2.5.29java
apachestruts2-coreMatch2.5.30java
apachestruts2-coreMatch2.5.31java
apachestruts2-coreMatch2.5.32java
apachestruts2-coreMatch2.5.5java
apachestruts2-coreMatch2.5.8java
apachestruts2-coreMatch6.0.0java
apachestruts2-coreRange2.0.02.3.37java
apachestruts2-coreRange2.5.02.5.33java
apachexwork-coreRange2.2.12.3.37java
apachexwork-coreMatch2.2.1java
apachexwork-coreMatch2.2.1.1java
apachexwork-coreMatch2.2.3java
apachexwork-coreMatch2.2.3.1java
apachexwork-coreMatch2.3.1java
apachexwork-coreMatch2.3.1.1java
apachexwork-coreMatch2.3.1.2java
apachexwork-coreMatch2.3.12java
apachexwork-coreMatch2.3.14java
apachexwork-coreMatch2.3.14.1java
apachexwork-coreMatch2.3.14.2java
apachexwork-coreMatch2.3.14.3java
apachexwork-coreMatch2.3.15java
apachexwork-coreMatch2.3.15.1java
apachexwork-coreMatch2.3.15.2java
apachexwork-coreMatch2.3.15.3java
apachexwork-coreMatch2.3.16java
apachexwork-coreMatch2.3.16.1java
apachexwork-coreMatch2.3.16.2java
apachexwork-coreMatch2.3.16.3java
apachexwork-coreMatch2.3.20java
apachexwork-coreMatch2.3.20.1java
apachexwork-coreMatch2.3.20.3java
apachexwork-coreMatch2.3.24java
apachexwork-coreMatch2.3.24.1java
apachexwork-coreMatch2.3.24.3java
apachexwork-coreMatch2.3.28java
apachexwork-coreMatch2.3.28.1java
apachexwork-coreMatch2.3.29java
apachexwork-coreMatch2.3.3java
apachexwork-coreMatch2.3.30java
apachexwork-coreMatch2.3.31java
apachexwork-coreMatch2.3.32java
apachexwork-coreMatch2.3.33java
apachexwork-coreMatch2.3.34java
apachexwork-coreMatch2.3.35java
apachexwork-coreMatch2.3.36java
apachexwork-coreMatch2.3.4java
apachexwork-coreMatch2.3.4.1java
apachexwork-coreMatch2.3.7java
apachexwork-coreMatch2.3.8java
opensymphonyxworkRange2.0.02.2.0java
opensymphonyxworkMatch2.0.4java
opensymphonyxworkMatch2.0.5java
opensymphonyxworkMatch2.0.6java
opensymphonyxworkMatch2.0.7java
opensymphonyxworkMatch2.1.0java
opensymphonyxworkMatch2.1.1java
opensymphonyxworkMatch2.1.2java
opensymphonyxworkMatch2.1.3java
opensymphonyxworkRange2.0.02.1.3java

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Jul 2026 14:11Current
5.6Medium risk
Vulners AI Score5.6
CVSS 3.18.1
EPSS0.23054
SSVC
10