4.3
CVSSv2

CVE-2013-6348

Published: 02/11/2013 Updated: 25/11/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote malicious users to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

Affected Products

Vendor Product Versions
ApacheStruts2.3.15.3

Vendor Advisories

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 23153 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNamesaction and (2) showConfigaction in config-browser/ ...