Apache: >> Struts >> 2.3.24.1 Security Vulnerabilities
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
CVSS Score
8.8
EPSS Score
0.334
Published
2016-04-12
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
CVSS Score
6.8
EPSS Score
0.012
Published
2009-04-09
Page 4