org.apache.struts:struts2-config-browser-plugin@2.3.3 vulnerabilities
-
latest version
6.4.0
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
a month ago
-
licenses detected
- [2.0.5,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.struts:struts2-config-browser-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.struts:struts2-config-browser-plugin is a free, open-source, MVC framework for creating Java web applications. Affected versions of this package are vulnerable to multiple Cross-site Scripting (XSS) vulnerabilities, allowing remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser. How to fix Cross-site Scripting (XSS)? Upgrade |
[2.0.5,2.3.16)
|