Summary
This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability
Impact
Successful exploitation will let the attacker access the server context inside the tiles web application and perform XSS attacks.
Impact Level: System/Application
Solution
Upgrade your Apache Tiles version to 2.1.2
http://tiles.apache.org/download.html
Insight
This flaw is due to attribute values or templates are defined using some JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.
Affected
Apache Tiles version 2.1 to 2.1.1
References
Severity
Classification
-
CVE CVE-2009-1275 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- AN Guestbook Local File Inclusion Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability