13 Total Results
Displaying 11-13 of 13
Attacker Value
Unknown

CVE-2016-3082

Disclosure Date: April 26, 2016 (last updated November 25, 2024)
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Attacker Value
Unknown

CVE-2016-2162

Disclosure Date: April 12, 2016 (last updated November 25, 2024)
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Attacker Value
Unknown

CVE-2014-7809

Disclosure Date: December 10, 2014 (last updated October 05, 2023)
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.