virus logo FortiClient Vulnerability

Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability

description-logoDescription

The Apache Struts framework usesI18NInterceptorto allow users and developers switch language used in the framework and an application built on top of it. The problem is that the interceptor doesn't perform any validation of the user input and accept arbitrary string which can be used by a developer to display language selected by the user. However, the framework doesn't expose the value directly in UI.

affected-products-logoAffected Applications

Apache Struts

CVE References

CVE-2016-2162

Other References

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins
ID 41616
Created Jan 17, 2020
Description
Updated		 Dec 14, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor Apache
Patch manual
Application Apache Struts