Summary
This host has Apache Tiles installed and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation lets an attacker access the server context inside the Tiles web application and perform XSS attacks.
Impact Level: System/Application
Solution
Upgrade Apache Tiles to version 2.1.2:
http://tiles.apache.org/download.html
Insight
The flaw exists because attribute values or templates defined using the JSP tags 'tiles:putAttribute' and 'tiles:insertTemplate' are evaluated twice.
Affected
Apache Tiles version 2.1 to 2.1.1
Severity
Classification
- CVE: CVE-2009-1275
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P