Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-2025
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, prior to 1.2.9-108.2 on SUSE openSUSE 10.3, prior to 1.2.9-198.2 on SUSE openSUSE 11.0, and prior to 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote malicious ...
Apache Struts 1.1
Apache Struts 1.2.7
Apache Struts 1.2.8
Apache Struts 1.2.4
Apache Struts 1.0.2
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to inject arbitrary web script or HTML via the parameter name, whi...
Apache Struts
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Apache Struts 1.2.7
1 EDB exploit
2.6
CVSSv2
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute...
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.2.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.2
Apache Struts 2.0.5
1 EDB exploit
NA
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...
Apache Struts
13 Github repositories
2 Articles
NA
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or ...
Apache Struts
NA
CVE-2023-6308
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack ma...
Four-faith Video Surveillance Management System 2017
Four-faith Video Surveillance Management System 2016
NA
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Apache Struts
NA
CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
Apache Struts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9