GHSA-2j4q-9fff-236j

Source

https://github.com/advisories/GHSA-2j4q-9fff-236j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2j4q-9fff-236j/GHSA-2j4q-9fff-236j.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-2j4q-9fff-236j

Aliases

CVE-2016-2162

Published

2022-05-17T03:42:59Z

Modified

2024-01-02T05:51:38.601627Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Apache Struts XSS Vulnerability

Details

Apache Struts 2.x before 2.3.28 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

Database specific

{
    "nvd_published_at": "2016-04-12T16:59:00Z",
    "github_reviewed_at": "2023-07-31T22:46:20Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Maven / org.apache.struts:struts2-core

Package

Name: org.apache.struts:struts2-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.3.28

Affected versions

2.*

2.0.5

2.0.6

2.0.8

2.0.9

2.0.11

2.0.11.1

2.0.11.2

2.0.12

2.0.14

2.1.2

2.1.6

2.1.8

2.1.8.1

2.2.1

2.2.1.1

2.2.3

2.2.3.1

2.3.1

2.3.1.1

2.3.1.2

2.3.3

2.3.4

2.3.4.1

2.3.7

2.3.8

2.3.12

2.3.14

2.3.14.1

2.3.14.2

2.3.14.3

2.3.15

2.3.15.1

2.3.15.2

2.3.15.3

2.3.16

2.3.16.1

2.3.16.2

2.3.16.3

2.3.20

2.3.20.1

2.3.20.3

2.3.24

2.3.24.1

2.3.24.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2j4q-9fff-236j/GHSA-2j4q-9fff-236j.json"