Child pages
  • S2-007

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Summary

Excerpt

Multiple Cross-Site Scripting (XSS) in XWork generated error pagesUser input is evaluated as an OGNL expression when there's a conversion error

Who should read this

All Struts 2 developers

Impact of vulnerability

Remote Code Execution

Maximum security rating

Important

Recommendation

Developers should either upgrade to Struts 2.2.3.1 or apply the configuration changes described below

Affected Software

Struts 2.0.0 - Struts 2.2.3

Original JIRA Tickets

WW-3668

Reporter

Hideyuki Suzumi

CVE Identifier

-

...