We have Enonic XP running for quite a few customers.
I was wondering if this exploit could exist in Enonic XP?
Neither Jakarta, nor Apache Struts are used in Enonic XP, so there is no way this exploit could exist in Enonic XP.
It is possible that similar exploits could exist, but we have security tested Enonic XP, and found no vulnerabilities in our software. However, developers of web-site should always be aware of how they code their parts and especially forms that allow users to give feed-back. With careless programming, it is possible to open up security holes on Enonic XP-driven sites.
Quality Manager @ Enonic