CVE-2013-6348

Apache Struts 2.3.15.3 - Cross-Site Scripting via Namespace Parameter

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/99047
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029266
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/99048
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Oct/244

Scores

EPSS 0.0612
EPSS Percentile 92.6%

Details

CWE
CWE-79
Status published
Products (2)
apache/struts 2.3.15.3
org.apache.struts/struts2-core 0 - 2.3.16Maven
Published Nov 02, 2013
Tracked Since Feb 18, 2026