Description
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Remediation
References
http://struts.apache.org/docs/s2-031.html
http://www.securitytracker.com/id/1035664
http://www.securityfocus.com/bid/88826
Related Vulnerabilities
CVE-2023-29201 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2021-4299 Vulnerability in npm package string-kit
CVE-2018-18893 Vulnerability in maven package com.hubspot.jinjava:jinjava
CVE-2018-25031 Vulnerability in maven package com.microfocus.webjars:swagger-ui-dist
CVE-2023-32070 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-syntax-xhtml