- EPSS 2.56%
- Veröffentlicht 13.05.2011 17:05:45
- Zuletzt bearbeitet 11.04.2025 00:51:21
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method...
CVE-2011-1772
- EPSS 57.6%
- Veröffentlicht 13.05.2011 17:05:44
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2...
- EPSS 65.08%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 09.04.2025 00:30:58
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Obje...
CVE-2007-4556
- EPSS 2.36%
- Veröffentlicht 28.08.2007 01:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote att...