Apache Tiles Multiple XSS Vulnerability Network Vulnerability

Summary

This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability

Impact

Successful exploitation will let the attacker access the server context inside the tiles web application and perform XSS attacks. Impact Level: System/Application

Solution

Upgrade your Apache Tiles version to 2.1.2 http://tiles.apache.org/download.html

Insight

This flaw is due to attribute values or templates are defined using some JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.

Affected

Apache Tiles version 2.1 to 2.1.1

References

http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913
https://issues.apache.org/struts/browse/TILES-351

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1275

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Open For Business HTML injection vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
AN Guestbook Local File Inclusion Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability

Take action and discover your vulnerabilities