CVE-2016-2162 – org.apache.struts:struts2-core

Package

Manager: maven
Name: org.apache.struts:struts2-core
Vulnerable Version: >=2.0.0 <2.3.28

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.06525 pctl0.90737

Details

Apache Struts XSS Vulnerability Apache Struts 2.x before 2.3.28 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

Metadata

Created: 2022-05-17T03:42:59Z
Modified: 2023-11-07T19:13:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2j4q-9fff-236j/GHSA-2j4q-9fff-236j.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-2j4q-9fff-236j
Finding: F008
Auto approve: 1