Apache Struts 2.0.x < 184.108.40.206 <s:url> and <s:a> Tag XSS (S2-002)
Medium Nessus Plugin ID 117387
SynopsisA web application running on the remote host uses a Java framework that is affected by a cross-site scripting vulnerability.
DescriptionThe version of Apache Struts running on the remote host is 2.0.x prior to 220.127.116.11. It, therefore, is affected by a possible cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input to <s:url> and <s:a> tags.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apache Struts version 18.104.22.168 or later