Versions Compared

Old Version 2

changes.mady.by.user Lukasz Lenart

Saved on

compared with

New Version 3

changes.mady.by.user Lukasz Lenart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible XSS vulnerability

Maximum security rating

Low

Recommendation

Do not expose parts of Locale object constructed by I18NInterceptor as it may contain user specific string which may leads to XSS vulnerability. Alternatively upgrade to Struts 2.3.26.

Affected Software

Struts 2.0.0 - Struts Struts 2.3.24.1

Reporter

Paolo Perliti paolo dot perliti at miliaris dot it - Miliaris 

CVE Identifier

CVE-2016-2162

...