Struts:struts
This hub aggregates every CVE we track for Struts:struts, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 11
- Critical: 0
- High: 6
- In CISA KEV: 1
Severity distribution
HIGH: 6, MEDIUM: 5
Monthly trend (chart covering 2024-07 to 2026-06)
Latest CVEs
The 11 most recently published vulnerabilities affecting Struts:struts.
- CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs (score 6.5)
- CVE-2023-49735: Apache Tiles: Unvalidated input may lead to path traversal and XXE (score 7.5)
- CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms (score 4.3)
- CVE-2016-1182: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause... (score 8.2)
- CVE-2016-1181: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of serv... (score 8.1)
- CVE-2015-0899: The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. (score 7.5)
- CVE-2012-1007: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload... (score 4.3)
- CVE-2008-2025: Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0... (score 4.3)
- CVE-2006-1548: Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote a... (score 4.3)
- CVE-2006-1547: ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter na... (KEV, score 7.5)
- CVE-2006-1546: Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the a... (score 7.5)
Product normalization is registry-driven with AI assist and human review.