Vulnerabilities > Apache > Struts > 2.3.20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-12 | CVE-2016-4003 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | 4.3 |
| 2016-04-12 | CVE-2016-0785 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | 9.0 |