Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to inject arbitrary web script or HTML via the parameter name, whi...
Apache Struts
4.3
CVSSv2
CVE-2015-2992
Apache Struts prior to 2.3.20 has a cross-site scripting (XSS) vulnerability.
Apache Struts
9.3
CVSSv2
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
4.3
CVSSv2
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
NA
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or ...
Apache Struts
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 2.3.20.
Apache Struts
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Apache Struts 1.2.7
1 EDB exploit
6.5
CVSSv2
CVE-2012-1592
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
Apache Struts 2.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.
Apache Struts 2.3.20
4.3
CVSSv2
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote malicious users to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
Apache Struts 2.3.15.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »