CVE-2009-1275

CVE-2009-1275 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

Learn more about our Web Application Penetration Testing UK.