
8 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1959

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.3 | EPSS 0.02811
Exploits: 0 | References: 5

Github Security Blog
added 2024/11/18 3:33 p.m., 37 views

Apache Tomcat - XSS in generated JSPs

Description: The fix for improvement 69333 caused pooled JSP tags not to be released after use, which in turn could cause the output of some tags not to be escaped as expected. This unescaped output could lead to XSS. Versions Affected: - Apache Tomcat 11.0.0 - Apache Tomcat 10.1.31 - Apache Tomcat 9.0.9...

CVSS 6.1 | AI score 6.7 | EPSS 0.01676
Exploits: 1 | References: 9 | Affected Software: 3

OSV
added 2022/05/24 4:47 p.m., 6 views

GHSA-HWP2-GVM5-452F Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...

CVSS 4.7 | AI score 6 | EPSS 0.02283
Exploits: 4 | References: 4

Github Security Blog
added 2022/05/02 3:23 a.m., 26 views

Apache Tiles Vulnerable to XSS via EL Expression Injection

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to th...

CVSS 6.8 | AI score 5.9 | EPSS 0.02811
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2018/11/09 12:58 a.m., 19 views

Cross-Site Scripting (XSS)

Apache Tiles is susceptible to cross-site scripting (XSS) attacks. It does not limit the evaluation of Expression Language (EL) expressions in certain circumstances, allowing the attacker to trigger the attack via (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags...

CVSS 6.8 | AI score 5.3 | EPSS 0.02811
Exploits: 0 | References: 4 | Affected Software: 2

OpenVAS
added 2009/04/28 12:0 a.m., 26 views

Apache Tiles Multiple XSS Vulnerability

This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability. OpenVAS Vulnerability Test $Id: secpodapachetilesxssvuln.nasl 8695 2018-02-06 16:42:37Z cfischer $ Apache Tiles Multiple XSS Vulnerability. Authors: Sujit Ghosal. Copyright: Copyright (c) 2009 SecPod,...

CVSS 6.8 | AI score 6.5 | EPSS 0.02811
Exploits: 0 | References: 2

NVD
added 2009/04/09 3:8 p.m., 29 views

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to th...

CVSS 6.8 | AI score 5.7 | EPSS 0.02811
Exploits: 0 | References: 3

Prion
added 2009/04/09 3:8 p.m., 18 views

Cross site scripting

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to th...

CVSS 6.8 | AI score 6 | EPSS 0.02811
Exploits: 0 | References: 3 | Affected Software: 1