Red Hat Bugzilla – Bug 1260087
CVE-2015-5169 struts: XSS vulnerability when devMode is turned on
Last modified: 2016-10-19 02:44:48 EDT
When debug mode is switched on in Apache Struts, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 - 220.127.116.11.
Created struts tracking bugs for this issue:
Affects: fedora-all [bug 1260091]
Affects: epel-7 [bug 1260092]