Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Tiles 跨站脚本攻击和信息泄露漏洞
Vulnerability Description
当在Apache Struts和其他产品中被使用时,Apache Tiles 2.1.2之前的2.1版本会在特定环境下对Expression Language (EL)表述进行两次评估,这使得远程攻击者可以借助未明向量,执行跨站脚本攻击或获得敏感信息。这些未明向量与(1)tiles:putAttribute和(2) tiles:insertTemplate JSP标识有关。
CVSS Information
N/A
Vulnerability Type
N/A