- Home
- CVEs with nessus.description==The web application on the remote host is affected by a cross-site scripting vulnerability due to a vulnerable version of Apache Struts 2 that fails to properly encode the parameters in the 's:a' and 's:url' tags.
A remote attacker can exploit this by tricking a user into requesting a page with arbitrary script code injected. This could have consequences such as stolen authentication credentials.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top