CVE-2016-2162

2016-04-12T12:59:01
ID CVE-2016-2162
Type cve
Reporter NVD
Modified 2016-11-28T15:03:29

Description

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.