Vulnerabilities > Apache > Tiles > 2.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-09 | CVE-2009-1275 | Cross-Site Scripting And Information Disclosure vulnerability in Apache Tiles 2.1.0/2.1.1 Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags. network apache | 6.8 |