CVE-2016-2162

Source
https://cve.org/CVERecord?id=CVE-2016-2162
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2162.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2162
Aliases
Published
2016-04-12T16:59:01.203Z
Modified
2026-05-28T04:03:37.670720486Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

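Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. Note that the affected ranges shown in this record enumerate individual releases as "last affected" events and contain no "fixed" event, so the 2.3.25 boundary is stated only in this description.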

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "2.0.0"
                },
                {
                    "last_affected": "2.1.2_beta"
                },
                {
                    "last_affected": "2.1.2_beta"
                }
            ],
            "vendor_product": "apache:struts",
            "cpes": [
                "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "last_affected": "2.0.1"
        },
        {
            "last_affected": "2.0.2"
        },
        {
            "last_affected": "2.0.3"
        },
        {
            "last_affected": "2.0.4"
        },
        {
            "last_affected": "2.0.5"
        },
        {
            "last_affected": "2.0.6"
        },
        {
            "last_affected": "2.0.7"
        },
        {
            "last_affected": "2.0.8"
        },
        {
            "last_affected": "2.0.9"
        },
        {
            "last_affected": "2.0.10"
        },
        {
            "last_affected": "2.0.11"
        },
        {
            "last_affected": "2.0.11.1"
        },
        {
            "last_affected": "2.0.11.2"
        },
        {
            "last_affected": "2.0.12"
        },
        {
            "last_affected": "2.0.13"
        },
        {
            "last_affected": "2.0.14"
        },
        {
            "last_affected": "2.1"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "last_affected": "2.1.2"
        },
        {
            "last_affected": "2.1.3"
        },
        {
            "last_affected": "2.1.4"
        },
        {
            "last_affected": "2.1.5"
        },
        {
            "last_affected": "2.1.6"
        },
        {
            "last_affected": "2.1.8"
        },
        {
            "last_affected": "2.1.8.1"
        },
        {
            "last_affected": "2.2.1"
        },
        {
            "last_affected": "2.2.1.1"
        },
        {
            "last_affected": "2.2.3"
        },
        {
            "last_affected": "2.2.3.1"
        },
        {
            "last_affected": "2.3.1"
        },
        {
            "last_affected": "2.3.1.1"
        },
        {
            "last_affected": "2.3.1.2"
        },
        {
            "last_affected": "2.3.3"
        },
        {
            "last_affected": "2.3.4"
        },
        {
            "last_affected": "2.3.4.1"
        },
        {
            "last_affected": "2.3.7"
        },
        {
            "last_affected": "2.3.8"
        },
        {
            "last_affected": "2.3.12"
        },
        {
            "last_affected": "2.3.14"
        },
        {
            "last_affected": "2.3.14.1"
        },
        {
            "last_affected": "2.3.14.2"
        },
        {
            "last_affected": "2.3.14.3"
        },
        {
            "last_affected": "2.3.15"
        },
        {
            "last_affected": "2.3.15.1"
        },
        {
            "last_affected": "2.3.15.2"
        },
        {
            "last_affected": "2.3.15.3"
        },
        {
            "last_affected": "2.3.16"
        },
        {
            "last_affected": "2.3.16.1"
        },
        {
            "last_affected": "2.3.16.2"
        },
        {
            "last_affected": "2.3.16.3"
        },
        {
            "last_affected": "2.3.20"
        },
        {
            "last_affected": "2.3.24"
        },
        {
            "last_affected": "2.3.24.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

Other
STRUTS_2_0_0
STRUTS_2_0_1
STRUTS_2_0_10
STRUTS_2_0_11
STRUTS_2_0_11_1
STRUTS_2_0_11_2
STRUTS_2_0_12
STRUTS_2_0_13
STRUTS_2_0_14
STRUTS_2_0_2
STRUTS_2_0_3
STRUTS_2_0_4
STRUTS_2_0_5
STRUTS_2_0_6
STRUTS_2_0_7
STRUTS_2_0_8
STRUTS_2_0_9
STRUTS_2_1_0
STRUTS_2_1_1
STRUTS_2_1_2
STRUTS_2_1_3
STRUTS_2_1_4
STRUTS_2_1_5
STRUTS_2_1_6
STRUTS_2_1_8
STRUTS_2_1_8_1
STRUTS_2_2_1
STRUTS_2_2_1_1
STRUTS_2_2_3
STRUTS_2_2_3_1
STRUTS_2_3_1
STRUTS_2_3_12
STRUTS_2_3_14
STRUTS_2_3_14_1
STRUTS_2_3_14_2
STRUTS_2_3_14_3
STRUTS_2_3_15
STRUTS_2_3_15_1
STRUTS_2_3_15_2
STRUTS_2_3_15_3
STRUTS_2_3_16
STRUTS_2_3_16_1
STRUTS_2_3_16_2
STRUTS_2_3_16_3
STRUTS_2_3_1_1
STRUTS_2_3_1_2
STRUTS_2_3_20
STRUTS_2_3_24
STRUTS_2_3_24_1
STRUTS_2_3_3
STRUTS_2_3_4
STRUTS_2_3_4_1
STRUTS_2_3_7
STRUTS_2_3_8

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2162.json"