VYPR

Maven package

com.opensymphony/xwork

pkg:maven/com.opensymphony/xwork

Vulnerabilities (2)

  • CVE-2025-68493Jan 11, 2026
    affected >= 2.0.0

    Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

  • CVE-2008-6504Mar 23, 2009
    affected < 2.0.6fixed 2.0.6

    ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (