CVE-2015-2992: XSS
First published: Thu Feb 27 2020(Updated: )
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Struts | >=2.0.0<2.3.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Apache Struts before 2.3.20 cross-site scripting (XSS) vulnerability?
Apache Struts before 2.3.20 is vulnerable to cross-site scripting (XSS), which allows attackers to inject malicious scripts into web pages viewed by users.
What is the severity of CVE-2015-2992?
The severity of CVE-2015-2992 is medium with a CVSS score of 6.1.
How does the XSS vulnerability in Apache Struts before 2.3.20 affect software?
The XSS vulnerability in Apache Struts before 2.3.20 can affect software that uses the vulnerable version, potentially allowing attackers to execute malicious scripts on the affected system.
How can I fix the Apache Struts before 2.3.20 XSS vulnerability?
To fix the XSS vulnerability in Apache Struts before 2.3.20, upgrade to a version that is not affected by the vulnerability (2.3.20 or later) or apply the available security patch.
Where can I find more information about CVE-2015-2992?
You can find more information about CVE-2015-2992 in the following resources: [JVN](http://jvn.jp/en/jp/JVN88408929/index.html), [JVNDB](http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html), [SecurityFocus](http://www.securityfocus.com/bid/76624).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache struts
- version/apache struts/2.0.0