CVE-2009-1275
CVE-2009-1275 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
Learn more about our Web Application Penetration Testing UK.