Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
2 Github repositories available
1 Article available
5
CVSSv2
CVE-2016-4433
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request....
Apache
Struts
9.3
CVSSv2
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
32 Github repositories available
1 Article available
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is...
Apache
Struts
5
CVSSv2
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
8 Github repositories available
1 Article available
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache
Struts
6.8
CVSSv2
CVE-2016-4430
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors....
Apache
Struts
7.5
CVSSv2
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE:...
Apache
Struts
1 EDB exploit available
2 Github repositories available
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message....
Apache
Struts
1 EDB exploit available
4.3
CVSSv2
CVE-2016-2162
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display....
Apache
Struts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-11061
mods for hesk
CVE-2020-8193
remote attackers
CVE-2020-8558
reflected XSS
CVE-2020-7693
administrator privileges
mods-for-hesk
CVE-2020-15526
CVE-2020-7457
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulmon