Description
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
Published: 2009-04-09
Score: 6.8 Medium
EPSS: 1.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-1959 Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
Github GHSA Github GHSA GHSA-2c6q-rgvj-66rx Apache Tiles Vulnerable to XSS via EL Expression Injection
History

No history.

Subscriptions

Apache Struts Tiles
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T05:04:49.529Z

Reserved: 2009-04-09T00:00:00.000Z

Link: CVE-2009-1275

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-04-09T15:08:35.813

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses