Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-6348 from the MITRE CVE dictionary dictionary and NIST NVD.
Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products.