Apache - Tiles CVE - CVE Search - CVE Details

Filtered by vendor Apache Subscribe

Filtered by product Tiles

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2009-1275	1 Apache	2 Struts, Tiles	2009-04-28	6.8 MEDIUM	N/A
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

Vulnerabilities (CVE)