struts:struts (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package struts:struts, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2016-1182 — CVSS 8.2 (high): ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote…
CVE-2016-1181 — CVSS 8.1 (high): ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote…
CVE-2006-1546 — CVSS 7.5 (high): Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a…
CVE-2015-0899 — CVSS 7.5 (high): The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions…
CVE-2023-49735 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while…
CVE-2025-54656 — CVSS 6.5 (medium): ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts…
CVE-2008-2025 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on…
CVE-2006-1548 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache…
CVE-2023-34396 — CVSS 4.3 (medium): Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache…
CVE-2012-1007 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML…