Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism....
Apache
Struts
3 Github repositories available
4.3
CVSSv2
CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href...
Apache
Struts
5
CVSSv2
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
8 Github repositories available
1 Article available
4.3
CVSSv2
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to...
Apache
Struts
1 EDB exploit available
4.3
CVSSv2
CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or...
Apache
Struts
1 EDB exploit available
4.3
CVSSv2
CVE-2016-8738
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL....
Apache
Struts
5
CVSSv2
CVE-2016-4433
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request....
Apache
Struts
9.3
CVSSv2
CVE-2013-2115
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
1 Github repository available
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache
Struts
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is...
Apache
Struts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-1630
CVE-2020-0674
CVE-2018-21038
bypass
CVE-2020-1987
CVE-2020-1988
insecure direct object reference
race condition
CVE-2020-6819
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulmon