VYPR

Struts

by Apache

Source repositories

CVEs (85)

  • CVE-2011-2087May 13, 2011
    risk 0.00cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related…

  • CVE-2008-6682Apr 9, 2009
    risk 0.00cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute…

  • CVE-2007-6726Apr 9, 2009
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

  • CVE-2006-1548Mar 30, 2006
    risk 0.00cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is…

  • CVE-2006-1546Mar 30, 2006
    risk 0.00cvss epss 0.06

    Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use…

Page 5 of 5