| CVE-2017-12611 |
critical |
9.8 |
10.0 |
|
|
|
9y ago |
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal |
| CVE-2016-3087 |
critical |
9.8 |
10.0 |
|
|
|
10y ago |
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation |
| CVE-2013-4316 |
critical |
— |
10.0 |
|
|
|
13y ago |
Code injection in Apache Struts |
| CVE-2013-2134 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-1966 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts |
| CVE-2012-0838 |
critical |
— |
10.0 |
|
|
|
15y ago |
Apache Struts Code injection due to conversion error |
| CVE-2016-4436 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Apache Struts improper action name cleanup |
| CVE-2016-4438 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2016-3082 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Remote Code Execution in Apache Struts |
| CVE-2013-2135 |
critical |
— |
9.3 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-1965 |
critical |
— |
9.3 |
|
|
|
13y ago |
Improper Control of Generation of Code in Apache Struts |
| CVE-2012-0392 |
medium |
— |
7.8 |
|
|
|
15y ago |
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist |
| CVE-2012-0393 |
medium |
— |
7.4 |
|
|
|
15y ago |
Apache Struts's ParameterInterceptor component does not prevent access to public constructors |
| CVE-2014-7809 |
medium |
— |
6.8 |
|
|
|
12y ago |
Cross-Site Request Forgery in Apache Struts |
| CVE-2013-2248 |
medium |
— |
6.8 |
|
|
|
13y ago |
Open redirect in Apache Struts |
| CVE-2012-4386 |
medium |
— |
6.8 |
|
|
|
14y ago |
Cross-Site Request Forgery in Apache Struts |
| CVE-2015-5169 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
Cross-site Scripting in Apache Struts |
| CVE-2016-4003 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Cross-site Scripting in Apache Struts |
| CVE-2016-2162 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Apache Struts XSS Vulnerability |
| CVE-2014-0094 |
medium |
— |
6.0 |
|
|
|
12y ago |
ClassLoader manipulation in Apache Struts |
| CVE-2010-1870 |
medium |
— |
6.0 |
|
|
|
16y ago |
Server side object manipulation in Apache Struts |
| CVE-2016-8738 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Apache Struts vulnerable to possible DoS attack when using URLValidator |
| CVE-2017-7672 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Apache Struts Improper Input Validation vulnerability |
| CVE-2014-0116 |
medium |
— |
5.8 |
|
|
|
12y ago |
ClassLoader manipulation in Apache Struts |
| CVE-2013-4310 |
medium |
— |
5.8 |
|
|
|
13y ago |
Apache Struts2 Broken Access Control Vulnerability |
| CVE-2016-4465 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Apache Struts vulnerable to possible DoS attack when using URLValidator |
| CVE-2016-3093 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Denial of service in Apache Struts |
| CVE-2013-6348 |
medium |
— |
4.3 |
|
|
|
13y ago |
Apache Struts is vulnerable to Cross-site Scripting |
