CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Apache: >> Struts >> 1.3.10 Security Vulnerabilities

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

CVSS Score

6.8

EPSS Score

0.012

Published

2009-04-09

Page 2

Vulnerabilities

Vulnerable Software

Apache: >> Struts >> 1.3.10 Security Vulnerabilities

Products

Pricing

Contact Us