CVE-2009-1275
 
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-04-09 CVE Reserved
- 2009-04-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Apache | Tiles | 2.1.0 | - | Affected | in | Apache | Struts | * | - | Safe
Apache | Tiles | 2.1.1 | - | Affected | in | Apache | Struts | * | - | Safe