Lucene search
GoogleOSV:GHSA-2C6Q-RGVJ-66RXHistoryMay 02, 2022 - 3:23 a.m.
Apache Tiles Vulnerable to XSS via EL Expression Injection
2022-05-0203:23:16
Google
osv.dev
4
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.tiles:tiles-core | eq | 2.1.1 | |
| org.apache.tiles:tiles-core | eq | 2.1.0 |
Related
cvelist
cvelist
CVE-2009-1275
2009-04-09 15:00:00
nvd
nvd
CVE-2009-1275
2009-04-09 15:08:35
cve
cve
CVE-2009-1275
2009-04-09 15:08:35
openvas
openvas
Apache Tiles Multiple XSS Vulnerabilities
2009-04-28 00:00:00
Apache Tiles Multiple XSS Vulnerability
2009-04-28 00:00:00
github
github
Apache Tiles Vulnerable to XSS via EL Expression Injection
2022-05-02 03:23:16
debiancve
debiancve
CVE-2009-1275
2009-04-09 15:08:35
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-09 00:58:46
prion
prion
Cross site scripting
2009-04-09 15:08:00