27 matches found
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
EUVD-2022-1959
Malicious code in bioql PyPI...
Path Traversal
org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...
GHSA-QW4H-3XJJ-84CC Apache Tiles: Unvalidated input may lead to path traversal and XXE
The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...
Apache Tiles: Unvalidated input may lead to path traversal and XXE
The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...
DEBIAN-CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
Path traversal
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
CVE-2023-49735 affects Apache Tiles (2 onward). The DefaultLocaleResolver.LOCALE_KEY value, when used to resolve XML definition files, is not validated, enabling path traversal and potentially SSRF/XXE when user-controlled data is supplied. This vulnerability is tied to Tiles usage and is noted a...
CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
Apache Tiles Path Traversal Vulnerability
Apache Tiles is a page layout framework for JavaEE applications from the Apache Foundation. A path traversal vulnerability exists in Apache Tiles prior to version 2.0.0, which stems from failing to validate the value of the DefaultLocaleResolver.LOCALEKEY attribute set on a session when parsing a...
SUSE CVE-2009-1275
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...
Apache Tiles Vulnerable to XSS via EL Expression Injection
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...
GHSA-2C6Q-RGVJ-66RX Apache Tiles Vulnerable to XSS via EL Expression Injection
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...
Cross-Site Scripting (XSS)
Apache Tiles is susceptible to cross-site scripting XSS attacks. It does not limit the evaluation of Expression Language EL expressions in certain circumstances, allowing the attacker to trigger the attack via 1 tiles:putAttribute and 2 tiles:insertTemplate JSP tags...
Apache Tiles Detection (HTTP)
HTTP based detection of Apache Tiles. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.900493";...
Apache Tiles Multiple XSS Vulnerability
This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability OpenVAS Vulnerability Test $Id: secpodapachetilesxssvuln.nasl 8695 2018-02-06 16:42:37Z cfischer $ Apache Tiles Multiple XSS Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2009 SecPod,...