Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/struts/struts@1.1-beta-2
purl pkg:maven/struts/struts@1.1-beta-2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-1vy2-r1jp-5uhe
Aliases:
CVE-2016-1182
GHSA-5ggr-mpgw-3mgx
Improper Input Validation in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. There are no reported fixed by versions.
VCID-ah3u-a8sk-xbh7
Aliases:
CVE-2006-1548
GHSA-p3vw-fvwx-qcv5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
1.2.9
Affected by 8 other vulnerabilities.
VCID-f9ps-1wyz-d7he
Aliases:
CVE-2008-2025
GHSA-wcgx-2hvx-5cwr
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
1.2.9-162.31.1
Affected by 0 other vulnerabilities.
VCID-g1q5-zmdw-53fu
Aliases:
CVE-2006-1547
GHSA-7qwv-cwgj-c8rj
Improper Input Validation in Apache Struts ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
1.2.9
Affected by 8 other vulnerabilities.
VCID-hxww-hfbr-a3cm
Aliases:
CVE-2012-1007
GHSA-9848-v244-962p
Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to `struts-examples/upload/upload-submit.do`, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`. There are no reported fixed by versions.
VCID-mca1-peyj-d3bg
Aliases:
CVE-2014-0114
GHSA-p66x-2cv9-qq3v
Improper Input Validation Apache Commons BeanUtils does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the `ActionForm` object in Struts There are no reported fixed by versions.
VCID-yf42-xtpw-dkbk
Aliases:
CVE-2016-1181
GHSA-7jw3-5q4w-89qg
Improper Input Validation in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. There are no reported fixed by versions.
VCID-z6tk-996b-9yay
Aliases:
CVE-2006-1546
GHSA-vf8g-mpmw-qv87
Apache Struts vulnerable to Improper Input Validation Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
1.2.9
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T01:54:00.586790+00:00 GitLab Importer Affected by VCID-yf42-xtpw-dkbk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2016-1181.yml 38.6.0
2026-06-06T01:52:10.610463+00:00 GitLab Importer Affected by VCID-1vy2-r1jp-5uhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2016-1182.yml 38.6.0
2026-06-06T01:44:01.067827+00:00 GitLab Importer Affected by VCID-g1q5-zmdw-53fu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2006-1547.yml 38.6.0
2026-06-06T01:43:44.830980+00:00 GitLab Importer Affected by VCID-ah3u-a8sk-xbh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2006-1548.yml 38.6.0
2026-06-06T01:43:38.969911+00:00 GitLab Importer Affected by VCID-z6tk-996b-9yay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2006-1546.yml 38.6.0
2026-06-06T01:43:35.913976+00:00 GitLab Importer Affected by VCID-f9ps-1wyz-d7he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2008-2025.yml 38.6.0
2026-06-04T20:04:11.885768+00:00 GitLab Importer Affected by VCID-mca1-peyj-d3bg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2014-0114.yml 38.6.0
2026-06-04T20:03:16.574909+00:00 GitLab Importer Affected by VCID-hxww-hfbr-a3cm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2012-1007.yml 38.6.0