Description
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Remediation
References
http://struts.apache.org/docs/s2-031.html
http://www.securityfocus.com/bid/88826
http://www.securitytracker.com/id/1035664
Related Vulnerabilities
CVE-2020-28503 Vulnerability in maven package org.webjars.npm:copy-props
CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard
CVE-2023-33001 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin
CVE-2018-3757 Vulnerability in npm package pdf-image
CVE-2023-49374 Vulnerability in maven package com.jfinal:jfinal