Apache Struts 2 Documentation > Home > Security Bulletins
Added by Don Brown, last edited by Don Brown on Jul 16, 2007  (view change)

The following security bulletins are available:

  • S2-001Remote code exploit on form validation error
  • S2-002Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags
  • S2-003XWork ParameterInterceptors bypass allows OGNL statement execution
  • S2-004Directory traversal vulnerability while serving static content