IDCVSSSummaryLast (major) updatePublished
CVE-2009-1275 6.8
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive
29-04-2009 - 05:29 09-04-2009 - 15:08
CVE-2006-1547 7.8
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHand
20-07-2017 - 01:30 30-03-2006 - 22:02
CVE-2012-0394 6.8
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a sec
21-02-2014 - 04:48 08-01-2012 - 15:55
CVE-2006-1548 4.3
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via t
20-07-2017 - 01:30 30-03-2006 - 22:02
CVE-2006-1546 7.5
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from a
20-07-2017 - 01:30 30-03-2006 - 22:02
CVE-2015-2992 4.3
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
30-03-2020 - 10:15 27-02-2020 - 18:15
Back to Top Mark selected
Back to Top