Moderate severityNVD Advisory· Published Nov 2, 2013· Updated Jun 17, 2026
CVE-2013-6348
CVE-2013-6348
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.struts:struts2-coreMaven | < 2.3.16 | 2.3.16 |
Affected products
2Patches
Vulnerability mechanics
References
12- en.wooyun.org/bugs/wooyun-2013-034nvdExploit
- packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.htmlnvdExploitWEB
- seclists.org/fulldisclosure/2013/Oct/244nvdExploitWEB
- github.com/advisories/GHSA-3g8j-jj54-3vjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-6348ghsaADVISORY
- issues.apache.org/jira/browse/WW-4213ghsaWEB
- security-tracker.debian.org/tracker/CVE-2013-6348ghsaWEB
- svn.apache.org/viewvcghsaWEB
- ubuntu.com/security/CVE-2013-6348ghsaWEB
- osvdb.org/99047nvd
- osvdb.org/99048nvd
- www.securitytracker.com/id/1029266nvd
News mentions
0No linked articles in our index yet.