CVE-2016-2162

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.struts/struts2-core

Identifiers

GHSA-2j4q-9fff-236j, CVE-2016-2162

Package Slug

maven/org.apache.struts/struts2-core

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

Affected Versions

All versions starting from 2.0.0 before 2.3.28

Solution

Upgrade to version 2.3.28 or above.

Last Modified

2023-11-08
