{"id":"CVE-2016-2162","details":"Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.","aliases":["GHSA-2j4q-9fff-236j"],"modified":"2026-04-10T03:50:37.458105Z","published":"2016-04-12T16:59:01.203Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/85070"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035272"},{"type":"ADVISORY","url":"http://struts.apache.org/docs/s2-030.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/struts","events":[{"introduced":"0"},{"last_affected":"2c0a197cea8fdc7d8cda5eeaa15a1c76507ac0a5"},{"introduced":"0"},{"last_affected":"2a4ea6dce4e2d622a57480c1bc337f46315fde96"},{"introduced":"0"},{"last_affected":"591347a498b358112cf478a3135107eae39d6e43"},{"introduced":"0"},{"last_affected":"a614104a485c8b1a8d16d51511b50d922f00ab3f"},{"introduced":"0"},{"last_affected":"df365f17ea11e319302f648e86da3188ce1c5656"},{"introduced":"0"},{"last_affected":"cb580fe614d5ff73776c34e39a93aae2ad557757"},{"introduced":"0"},{"last_affected":"fe62eb03471666cb871c1d5969b98dc79d578d2d"},{"introduced":"0"},{"last_affected":"de154978ca69a59079024dc6468eedd261293bff"},{"introduced":"0"},{"last_affected":"8135547c7a53364c17a93ba0a38f0463f0315ac5"},{"introduced":"0"},{"last_affected":"b3f712eb1b6b7d38b6f3dce6ee63147f0f96c259"},{"introduced":"0"},{"last_affected":"b8cadf565addce57581d13e9a8011eec6f42b0f4"},{"introduced":"0"},{"last_affected":"e372ca3d17ba24778cf57e502ba85bc75b613f2c"},{"introduced":"0"},{"last_affected":"4b744ef87b9bd8ebff43675259df3ae650c9585e"},{"introduced":"0"},{"last_affected":"77cd231b589249b07f36e29061970070ecdd50f3"},{"introduced":"0"},{"last_affected":"645d06e11668b66204db10b5628685650333c5c1"},{"introduced":"0"},{"last_affected":"f187d90a12dd4b5c22a11d7ce7b6549f29516ff8"},{"introduced":"0"},{"last_affected":"6fa6f1014b309a96755e94d13563052055402701"},{"introduced":"0"},{"last_affected":"ea055ccb9d7dde6a55a0173e1ecff023fb402334"},{"introduced":"0"},{"last_affected":"ea055ccb9d7dde6a55a0173e1ecff023fb402334"},{"introduced":"0"},{"last_affected":"6a39976815adf55ada5c4e246d57ec13d9a5ec99"},{"introduced":"0"},{"last_affected":"f633bb8270ea52b8d168ade14b8721d8739ceab1"},{"introduced":"0"},{"last_affected":"daa62ed42adee485f30f2e8f43893900b5cd64e9"},{"introduced":"0"},{"last_affected":"6bf54d0b555cf64d46243054a1a8f57356b38f2b"},{"introduced":"0"},{"last_affected":"28c17a1b779635a3f3af39169224ea335a0379e2"},{"introduced":"0"},{"last_affected":"e893492adcacc5b4f09f378fe1d8f80de1814038"},{"introduced":"0"},{"last_affected":"3f3776e7dcf106fe05041c743ea32c779e595197"},{"introduced":"0"},{"last_affected":"ef3c3ece89c6723340c9bc9271e3d2130378afad"},{"introduced":"0"},{"last_affected":"2bbc0452601e9816eabcffae0775f9549a651e4c"},{"introduced":"0"},{"last_affected":"f9d681cc97a175676786ddebed6b5924187e5ae3"},{"introduced":"0"},{"last_affected":"c80cb8458966e10d88a192b5ce68e47aee0e944a"},{"introduced":"0"},{"last_affected":"2afda2ecc45730f5c0fc1f88c5d8919fb34d1462"},{"introduced":"0"},{"last_affected":"e5009a34202777b53c5dc36e020d0033aa8be027"},{"introduced":"0"},{"last_affected":"7d7d3fc42b013f0983a16473b10ed24efb988e0e"},{"introduced":"0"},{"last_affected":"6246b8e12eb5abee95916b948a7a97e4d736f10b"},{"introduced":"0"},{"last_affected":"183be6b2986755eeac9b86eed9138304a30ff45e"},{"introduced":"0"},{"last_affected":"676a011b4f4d211e167465f3ffb03894c8f60334"},{"introduced":"0"},{"last_affected":"4b5f5619ddeda22f7f358431f604df580f1e61a1"},{"introduced":"0"},{"last_affected":"28297863aee4d747638ce5b6f22262ac6a118ae0"},{"introduced":"0"},{"last_affected":"b2fe62824eebd213625d23378b5307dcb1b82c77"},{"introduced":"0"},{"last_affected":"f15f28a1766fe991de85c8cd089b102f77915319"},{"introduced":"0"},{"last_affected":"9df00b0a864fac2e763b7c26ba99af057202f0f3"},{"introduced":"0"},{"last_affected":"fc3df96990bafdecc6f3a89cf7a4dcf15066c687"},{"introduced":"0"},{"last_affected":"f0c159d871ee741e0cc74fe858cc7be79841078c"},{"introduced":"0"},{"last_affected":"a72c1f4262a57bfe2819c6def81620d02d7867fb"},{"introduced":"0"},{"last_affected":"bc6094eece7dfa65e7439cd018d58e85c5d41e47"},{"introduced":"0"},{"last_affected":"8931ac19ea504a167f4d0c8e57ccc8f7f09f4135"},{"introduced":"0"},{"last_affected":"fd206c1386cc113e3f5b52fbc5b2f15a458b31b4"},{"introduced":"0"},{"last_affected":"3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7"},{"introduced":"0"},{"last_affected":"402374de33146e1c0401a247e0779e290cb0c078"},{"introduced":"0"},{"last_affected":"6cddee6fc539429544b28a96361a8af7a0691108"},{"introduced":"0"},{"last_affected":"7dd83dff485d324980f3d22c726cfd969ecf41f8"},{"introduced":"0"},{"last_affected":"e03ff728618f5bf551083fc3a52d43c07434bbc9"},{"introduced":"0"},{"last_affected":"0320310406f6b11cfd235d7a9b866cf1de483a1e"},{"introduced":"0"},{"last_affected":"925741ad1e8e48c7a6d687fe02d3fdb6386eb64c"},{"introduced":"0"},{"last_affected":"7a9863169f7d981be0d2d57437974ae2cc0c8bd3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.0.2"},{"introduced":"0"},{"last_affected":"2.0.3"},{"introduced":"0"},{"last_affected":"2.0.4"},{"introduced":"0"},{"last_affected":"2.0.5"},{"introduced":"0"},{"last_affected":"2.0.6"},{"introduced":"0"},{"last_affected":"2.0.7"},{"introduced":"0"},{"last_affected":"2.0.8"},{"introduced":"0"},{"last_affected":"2.0.9"},{"introduced":"0"},{"last_affected":"2.0.10"},{"introduced":"0"},{"last_affected":"2.0.11"},{"introduced":"0"},{"last_affected":"2.0.11.1"},{"introduced":"0"},{"last_affected":"2.0.11.2"},{"introduced":"0"},{"last_affected":"2.0.12"},{"introduced":"0"},{"last_affected":"2.0.13"},{"introduced":"0"},{"last_affected":"2.0.14"},{"introduced":"0"},{"last_affected":"2.1"},{"introduced":"0"},{"last_affected":"2.1.0"},{"introduced":"0"},{"last_affected":"2.1.1"},{"introduced":"0"},{"last_affected":"2.1.2"},{"introduced":"0"},{"last_affected":"2.1.3"},{"introduced":"0"},{"last_affected":"2.1.4"},{"introduced":"0"},{"last_affected":"2.1.5"},{"introduced":"0"},{"last_affected":"2.1.6"},{"introduced":"0"},{"last_affected":"2.1.8"},{"introduced":"0"},{"last_affected":"2.1.8.1"},{"introduced":"0"},{"last_affected":"2.2.1"},{"introduced":"0"},{"last_affected":"2.2.1.1"},{"introduced":"0"},{"last_affected":"2.2.3"},{"introduced":"0"},{"last_affected":"2.2.3.1"},{"introduced":"0"},{"last_affected":"2.3.1"},{"introduced":"0"},{"last_affected":"2.3.1.1"},{"introduced":"0"},{"last_affected":"2.3.1.2"},{"introduced":"0"},{"last_affected":"2.3.3"},{"introduced":"0"},{"last_affected":"2.3.4"},{"introduced":"0"},{"last_affected":"2.3.4.1"},{"introduced":"0"},{"last_affected":"2.3.7"},{"introduced":"0"},{"last_affected":"2.3.8"},{"introduced":"0"},{"last_affected":"2.3.12"},{"introduced":"0"},{"last_affected":"2.3.14"},{"introduced":"0"},{"last_affected":"2.3.14.1"},{"introduced":"0"},{"last_affected":"2.3.14.2"},{"introduced":"0"},{"last_affected":"2.3.14.3"},{"introduced":"0"},{"last_affected":"2.3.15"},{"introduced":"0"},{"last_affected":"2.3.15.1"},{"introduced":"0"},{"last_affected":"2.3.15.2"},{"introduced":"0"},{"last_affected":"2.3.15.3"},{"introduced":"0"},{"last_affected":"2.3.16"},{"introduced":"0"},{"last_affected":"2.3.16.1"},{"introduced":"0"},{"last_affected":"2.3.16.2"},{"introduced":"0"},{"last_affected":"2.3.16.3"},{"introduced":"0"},{"last_affected":"2.3.20"},{"introduced":"0"},{"last_affected":"2.3.24"},{"introduced":"0"},{"last_affected":"2.3.24.1"}]}}],"versions":["STRUTS_2_0_0","STRUTS_2_0_1","STRUTS_2_0_10","STRUTS_2_0_11","STRUTS_2_0_11_1","STRUTS_2_0_11_2","STRUTS_2_0_12","STRUTS_2_0_13","STRUTS_2_0_14","STRUTS_2_0_2","STRUTS_2_0_3","STRUTS_2_0_4","STRUTS_2_0_5","STRUTS_2_0_6","STRUTS_2_0_7","STRUTS_2_0_8","STRUTS_2_0_9","STRUTS_2_1_0","STRUTS_2_1_1","STRUTS_2_1_2","STRUTS_2_1_3","STRUTS_2_1_4","STRUTS_2_1_5","STRUTS_2_1_6","STRUTS_2_1_8","STRUTS_2_1_8_1","STRUTS_2_2_1","STRUTS_2_2_1_1","STRUTS_2_2_3","STRUTS_2_2_3_1","STRUTS_2_3_1","STRUTS_2_3_12","STRUTS_2_3_14","STRUTS_2_3_14_1","STRUTS_2_3_14_2","STRUTS_2_3_14_3","STRUTS_2_3_15","STRUTS_2_3_15_1","STRUTS_2_3_15_2","STRUTS_2_3_15_3","STRUTS_2_3_16","STRUTS_2_3_16_1","STRUTS_2_3_16_2","STRUTS_2_3_16_3","STRUTS_2_3_1_1","STRUTS_2_3_1_2","STRUTS_2_3_20","STRUTS_2_3_24","STRUTS_2_3_24_1","STRUTS_2_3_3","STRUTS_2_3_4","STRUTS_2_3_4_1","STRUTS_2_3_7","STRUTS_2_3_8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2162.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.2_beta"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}