A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
source: wwwsecurityfocuscom/bid/52702/info
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process This may facilitate unauthorized access or privileg ...