Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
References
Link | Resource |
---|---|
http://struts.apache.org/docs/s2-030.html | Vendor Advisory |
http://www.securitytracker.com/id/1035272 | |
http://www.securityfocus.com/bid/85070 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-04-12 09:59
Updated : 2016-11-28 12:03
NVD link : CVE-2016-2162
Mitre link : CVE-2016-2162
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apache
- struts