Apache Struts 2.x < 2.2.3 Multiple XSS (S2-006)
Medium Nessus Plugin ID 117388
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple cross-site scripting vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.x prior to 2.2.3. It, therefore, is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of action names.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.2.3 or later.