Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
2 Github repositories available
1 Article available
5
CVSSv2
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....
Apache
Struts
2 Github repositories available
4.3
CVSSv2
CVE-2015-2992
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability....
Apache
Struts
4.3
CVSSv2
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded...
Apache
Struts
1 Github repository available
7.5
CVSSv2
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....
Apache
Struts
8 Github repositories available
3 Articles available
4.3
CVSSv2
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...
Apache
Struts
2 Github repositories available
5
CVSSv2
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33....
Apache
Struts
1 Github repository available
2 Articles available
10
CVSSv2
CVE-2012-0838
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field....
Apache
Struts
4.3
CVSSv2
CVE-2008-2025
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to...
Apache
Struts
6.4
CVSSv2
CVE-2016-1182
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899....
Apache
Struts
1 Github repository available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-0674
CVE-2020-7615
clink office
CVE-2017-18687
android
google
buffer overflow
communilink
spoof
CVE-2017-18691
CVE-2020-11512
CVE-2019-17026
cross-site scripting
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon