Page 8 of 63 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/. Vulnerabilidades múltiples de Cross Site Scripting (XSS) en Apache Struts 2.3.15.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) parámetro de espacio de nombres actionNames.action y (2) showConfig.action en la configuración del navegador • http://en.wooyun.org/bugs/wooyun-2013-034?2592 http://osvdb.org/99047 http://osvdb.org/99048 http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Oct/244 http://www.securitytracker.com/id/1029266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://struts.apache.org/release/2.3.x/docs/s2-019.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029078 • CWE-16: Configuration CWE-284: Improper Access Control •

CVSS: 5.8EPSS: 1%CPEs: 45EXPL: 0

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Apache Struts v2.0.0 hasta v2.3.15.1 permite a atacantes remotos evitar los controles de acceso a través de una acción manipulada: prefix. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html http://secunia.com/advisories/54919 http://secunia.com/advisories/56483 http://secunia.com/advisories/56492 http://struts.apache.org/release/2.3.x/docs/s2-018.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029077 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 97%CPEs: 44EXPL: 3

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias mediante un parámetro con una (1)acción:, (2) redirect:, o (3) redirectAction: Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected. Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. • https://www.exploit-db.com/exploits/27135 https://www.exploit-db.com/exploits/44583 https://github.com/nth347/CVE-2013-2251 http://archiva.apache.org/security.html http://cxsecurity.com/issue/WLB-2014010087 http://osvdb.org/98445 http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2013/Oct/96 http://seclists.org/oss-sec/2014/q1/89 http://struts.apache.org/release/2.3.x/docs/s2-016.html http:&#x • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 96%CPEs: 44EXPL: 1

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. Múltiples vulnerabilidades de redirección en Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante una URL en un parámetro usando (1) redirect: o (2) redirectAction: Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected. • https://www.exploit-db.com/exploits/38666 http://struts.apache.org/release/2.3.x/docs/s2-017.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/61196 http://www.securityfocus.com/bid/64758 • CWE-20: Improper Input Validation •