1. Home
  2. Vulnerabilities
  3. CVE-2009-1275

CVE-2009-1275

CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.51 % (77th)
0.51% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2009-04-09 15:08:35
(15 years ago)
Updated Date
2009-04-29 05:29:29
(15 years ago)

Affected Products

Apache

Configuration #1

AND
    CPE23 From Up To
OR  
  Apache Struts cpe:2.3:a:apache:struts
OR  
  Running on/with
  Apache Tiles 2.1.0 cpe:2.3:a:apache:tiles:2.1.0
OR  
  Running on/with
  Apache Tiles 2.1.1 cpe:2.3:a:apache:tiles:2.1.1