Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote malicious users to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do ...
Apache Struts 1.3.10
1 EDB exploit
435
VMScore
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to st...
Apache Struts 2.0.14
Apache Struts 2.2.3
1 EDB exploit
505
VMScore
CVE-2011-5057
Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an a...
Apache Struts
1 EDB exploit
940
VMScore
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
645
VMScore
CVE-2012-0393
The ParameterInterceptor component in Apache Struts prior to 2.3.1.1 does not prevent access to public constructors, which allows remote malicious users to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Apache Struts
1 EDB exploit
685
VMScore
CVE-2012-0392
The CookieInterceptor component in Apache Struts prior to 2.3.1.1 does not use the parameter-name whitelist, which allows remote malicious users to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Apache Struts
1 EDB exploit
690
VMScore
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Apache Struts
2 EDB exploits
384
VMScore
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, re...
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.5
Apache Struts 2.2.1.1
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.0.12
Apache Struts 2.1.1
Apache Struts 2.0.7
Apache Struts 2.0.0
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.0.11.2
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.4
446
VMScore
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote malicious users to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerabil...
Opensymphony Xwork 2.2.1
Apache Struts 2.2.1
Opensymphony Xwork -
Opensymphony Webwork -
265
VMScore
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute...
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.2.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.2
Apache Struts 2.0.5
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »