Detections
Analytics

Apache Struts 2.x <= 2.3.37 / 2.5.x <= 2.5.33 / 6.x < 6.1.1 XML External Entity Injection in XWork (S2-069)

high Nessus Plugin ID 290256

Language:

Version 1.2

Feb 6, 2026, 8:56 AM

  • CVSS metrics ("CVSSv2 score" set to 9.4)
  • CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C")
  • CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "True")
  • Exploit attributes ("Exploitability ease" set to "Exploits are available")

Plugin Feed: 202602060856

Version 1.1

Jan 16, 2026, 10:12 PM

  • New

Plugin Feed: 202601162212

* Changelogs are generally available for changes made after Nov 1, 2022