Description
Apache Struts XSS Vulnerability
Apache Struts 2.x before 2.3.28 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-2162
- https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327
- https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
- https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070
- https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272
- http://struts.apache.org/docs/s2-030.html
Packages
- org.apache.struts:struts2-core: affected versions >= 2.0.0, < 2.3.28; fixed in 2.3.28
Related vulnerabilities
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale o ...
Vulnerability in the Apache Struts software platform that allows an attacker to conduct XSS attacks