2 matches found
CVE-2009-1275
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...
CVE-2009-1275
Apache Tiles 2.1 before 2.1.2 (as used in Apache Struts and other products) is vulnerable because it evaluates EL expressions twice in certain circumstances, which can enable remote XSS or disclosure of sensitive information via the tiles:putAttribute and tiles:insertTemplate JSP tags. The CVE-20...