Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x prior to 2.0.11.1 and 2.1.x prior to 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the h...
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.1
4.3
CVSSv2
CVE-2007-6726
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
Apache Struts 2.0.9
Dojotoolkit Dojo 0.4.1
Dojotoolkit Dojo 0.4.2
5
CVSSv2
CVE-2008-6504
ParametersInterceptor in OpenSymphony XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote malicious users to execute Object-Graph Navigation ...
Opensymphony Xwork 2.0.5
Opensymphony Xwork 2.1.0
Opensymphony Xwork 2.0.1
Opensymphony Xwork 2.0.2
Opensymphony Xwork 2.0.0
Opensymphony Xwork 2.1.1
Opensymphony Xwork 2.0.3
Opensymphony Xwork 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.0
Apache Struts 2.0.2
Apache Struts 2.0.9
Apache Struts 2.0.11
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
1 EDB exploit
5
CVSSv2
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.3 allow remote malicious users to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) ...
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.6
Apache Struts 2.0.8
Apache Struts 2.1.2 Beta
Apache Struts 2.0.9
Apache Struts 2.0.11
1 EDB exploit
6.8
CVSSv2
CVE-2007-4556
Struts support in OpenSymphony XWork prior to 1.2.3, and 2.x prior to 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote malicious users to cause a de...
Opensymphony Xwork
7.8
CVSSv2
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts prior to 1.2.9 with BeanUtils 1.7 allows remote malicious users to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which prov...
Apache Struts 1.2.7
Apache Struts
1 Github repository
7.5
CVSSv2
CVE-2006-1546
Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications ...
Apache Struts
1 Github repository
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to inject arbitrary web script or HTML via the parameter name, whi...
Apache Struts
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Apache Struts 1.2.7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9