Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-12T16:00:00

Updated: 2024-08-06T00:17:29.844Z

Reserved: 2016-04-12T00:00:00

Link: CVE-2016-4003

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-04-12T16:59:04.313

Modified: 2024-11-21T02:51:08.660

Link: CVE-2016-4003

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-04-13T00:00:00Z

Links: CVE-2016-4003 - Bugzilla