Summary
This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability
Impact
Successful exploitation will let the attacker access the server context inside the tiles web application and perform XSS attacks.
Impact Level: System/Application
Solution
Upgrade your Apache Tiles version to 2.1.2
http://tiles.apache.org/download.html
Insight
This flaw is due to attribute values or templates are defined using some JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.
Affected
Apache Tiles version 2.1 to 2.1.1
References
Severity
Classification
-
CVE CVE-2009-1275 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tiles Multiple XSS Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability