pkg:Maven/org.apache.struts.xwork:xwork-core

All known vulnerabilities

• CRITICAL9.8CVE-2012-0391⚠ KEVApache Struts Remote Java Code Execution
  from 0, < 2.2.3.1
• HIGH8.8CVE-2016-4430Apache Struts CSRF Vulnerability
  >= 2.3.20, < 2.3.29
• HIGH8.1CVE-2025-68493Apache Struts 2 is Missing XML Validation
  >= 2.2.1
• HIGH8.1Code injection in Apache Struts
  >= 2.0.0, < 2.3.14.2
• HIGH7.5Apache Struts Open Redirect
  >= 2.3.20, < 2.3.29
• —Denial of service in Apache Struts
  >= 2.0.0, < 2.3.4.1
• —Incomplete exclude pattern in Apache Struts
  >= 2.0.0, < 2.3.20.1
• —XWork in Apache Struts Reveals Sensitive Information
  from 0, < 2.2.2
• —Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —Apache Struts Code injection due to conversion error
  from 0, < 2.2.3.1
• —Arbitrary code execution in Apache Struts
  >= 2.0.0, < 2.3.14.2
• —ClassLoader manipulation in Apache Struts
  >= 2.0.0, < 2.3.16.2
• —Apache Struts's ParameterInterceptor component does not prevent access to public constructors
  from 0, < 2.2.3.1
• —Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
  from 0, < 2.3.18
• —Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
  from 0, < 2.2.3.1