Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-09T15:00:00

Updated: 2024-08-07T05:04:49.529Z

Reserved: 2009-04-09T00:00:00

Link: CVE-2009-1275

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-04-09T15:08:35.813

Modified: 2024-11-21T01:02:04.667

Link: CVE-2009-1275

cve-icon Redhat

No data.