Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution

Apache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.

Leave a Reply