Search for packages
| purl | pkg:maven/struts/struts@1.3.10 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g2gb-x2nh-2bgz
Aliases: CVE-2012-1007 GHSA-9848-v244-962p |
Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to `struts-examples/upload/upload-submit.do`, or the message parameter to (2) `struts-cookbook/processSimple.do` or (3) `struts-cookbook/processDyna.do`. | There are no reported fixed by versions. |
|
VCID-nur4-1g8a-57ew
Aliases: CVE-2014-0114 GHSA-p66x-2cv9-qq3v |
Improper Input Validation Apache Commons BeanUtils does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the `ActionForm` object in Struts | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:30:43.968698+00:00 | GHSA Importer | Affected by | VCID-g2gb-x2nh-2bgz | https://github.com/advisories/GHSA-9848-v244-962p | 38.1.0 |
| 2026-04-01T12:46:52.671753+00:00 | GitLab Importer | Affected by | VCID-nur4-1g8a-57ew | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2014-0114.yml | 38.0.0 |
| 2026-04-01T12:46:46.586305+00:00 | GitLab Importer | Affected by | VCID-g2gb-x2nh-2bgz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/struts/struts/CVE-2012-1007.yml | 38.0.0 |