Apache Tiles is susceptible to cross-site scripting (XSS) attacks. In certain circumstances it does not limit the evaluation of Expression Language (EL) expressions, which allows an attacker to trigger the attack via the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

CPE

Name | Operator | Version |
---|---|---|
tiles - jsp support | le | 2.1.1 |
tiles - core library | le | 2.1.1 |
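
The following Python audit helper is an added example, not code from this advisory or from Apache Tiles. It flags jars that fall in the affected range from the table and lists EL expressions passed to the two named tags so those call sites can be reviewed. The jar names `tiles-jsp` and `tiles-core`, the `tiles` tag prefix, and all sample inputs are assumptions.

```python
import re

# Affected range from the table: operator "le" (<=) version 2.1.1.
AFFECTED_MAX = (2, 1, 1)
# Assumption: the two table rows ship as jars named tiles-jsp / tiles-core.
JAR_RE = re.compile(r"(tiles-(?:jsp|core))-(\d+(?:\.\d+)*)[^/\\]*\.jar$")
# Assumption: the taglib is bound to the conventional "tiles" prefix.
# Limitation: an attribute value containing ">" ends the match early.
TAG_RE = re.compile(r"<tiles:(putAttribute|insertTemplate)\b([^>]*)>")
EL_RE = re.compile(r"[$#]\{[^}]*\}")

# Constructed sample inputs, not taken from a real application.
SAMPLE_JARS = [
    "WEB-INF/lib/tiles-jsp-2.1.1.jar",
    "WEB-INF/lib/tiles-core-2.0.7.jar",
    "WEB-INF/lib/tiles-core-2.1.2.jar",
    "WEB-INF/lib/tiles-api-2.1.1.jar",
]
SAMPLE_JSP = """<tiles:insertTemplate template="/layout.jsp">
  <tiles:putAttribute name="title" value="${pageTitle}"/>
  <tiles:putAttribute name="body" value="/body.jsp"/>
</tiles:insertTemplate>
"""

def parse_version(text):
    """'2.1' -> (2, 1, 0): pad so 2.1 and 2.1.0 compare equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def affected_jars(paths):
    """Return (artifact, version) for every jar inside the affected range."""
    hits = []
    for path in paths:
        m = JAR_RE.search(path)
        if m and parse_version(m.group(2)) <= AFFECTED_MAX:
            hits.append((m.group(1), m.group(2)))
    return hits

def el_in_tiles_tags(jsp_source):
    """Return (line, tag, expression) for EL inside the two named tags."""
    hits = []
    for m in TAG_RE.finditer(jsp_source):
        line = jsp_source.count("\n", 0, m.start()) + 1
        for el in EL_RE.findall(m.group(2)):
            hits.append((line, m.group(1), el))
    return hits
```

Run `affected_jars` over the contents of `WEB-INF/lib` and `el_in_tiles_tags` over each JSP file; a hit from both on the same application marks the templates to review first.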