CVE-2009-1275

Name of the Vulnerable Software and Affected Versions Apache Tiles versions 2.1 through 2.1.1 Apache Struts (affected versions not specified)

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors. This is related to the tiles:putAttribute and tiles:insertTemplate JSP tags, which evaluate Expression Language (EL) expressions twice in certain circumstances.

Recommendations For Apache Tiles versions 2.1 through 2.1.1, update to version 2.1.2 or later. As a temporary workaround, consider restricting the use of the tiles:putAttribute and tiles:insertTemplate JSP tags until a patch is available.