Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute
and (2) tiles:insertTemplate
JSP tags.
CPE | Name | Operator | Version |
---|---|---|---|
org.apache.tiles:tiles-core | eq | 2.1.1 | |
org.apache.tiles:tiles-core | eq | 2.1.0 |