Description
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://jvn.jp/en/jp/JVN88408929/index.html
Third Party Advisory, VDB Entry x_refsource_misc
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/76624
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200330-0001/
Scores
CVSS v3
6.1
EPSS
0.0099
EPSS Percentile
77.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/struts
2.0.0 - 2.3.20
org.apache.struts/struts2-core
0 - 2.3.20Maven
Published
Feb 27, 2020
Tracked Since
Feb 18, 2026