Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-2025
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, prior to 1.2.9-108.2 on SUSE openSUSE 10.3, prior to 1.2.9-198.2 on SUSE openSUSE 11.0, and prior to 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote malicious ...
Apache Struts 1.1
Apache Struts 1.2.7
Apache Struts 1.2.8
Apache Struts 1.2.4
Apache Struts 1.0.2
4.3
CVSSv2
CVE-2007-6726
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
Apache Struts 2.0.9
Dojotoolkit Dojo 0.4.1
Dojotoolkit Dojo 0.4.2
4.3
CVSSv2
CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x prior to 2.0.11.1 and 2.1.x prior to 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the h...
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.1
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to inject arbitrary web script or HTML via the parameter name, whi...
Apache Struts
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Apache Struts 1.2.7
1 EDB exploit
2.6
CVSSv2
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute...
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.2.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.2
Apache Struts 2.0.5
1 EDB exploit
NA
CVE-2024-22512
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An...
NA
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...
Apache Struts
13 Github repositories
2 Articles
NA
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or ...
Apache Struts
NA
CVE-2023-6308
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack ma...
Four-faith Video Surveillance Management System 2017
Four-faith Video Surveillance Management System 2016
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »