Lucene search
+L

1104 matches found

OSV
OSV
added 2009/04/09 3:8 p.m.8 views

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

5.6AI score
Exploits0References3
Prion
Prion
added 2009/04/09 3:8 p.m.20 views

Cross site scripting

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

6.8CVSS6AI score0.02811EPSS
Exploits0References3Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.38 views

CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

8.8CVSS8.9AI score0.01914EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.35 views

CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

9.6CVSS9.3AI score0.02149EPSS
Exploits1Affected Software1
Rows per page
Query Builder