A flaw in URL encoding in Apache Sling XSS Protection APIs, allowing XSS payloads. Affected versions: 1.0.4 to 1.0.18, 1.1.0, 2.0.0
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
OSV | Cross-site Scripting in Apache Sling XSS Protection API | 14 May 202203:46 | – | osv |
OSV | CVE-2017-15717 | 10 Jan 201814:29 | – | osv |
Github Security Blog | Cross-site Scripting in Apache Sling XSS Protection API | 14 May 202203:46 | – | github |
Cvelist | CVE-2017-15717 | 10 Jan 201814:00 | – | cvelist |
Prion | Code injection | 10 Jan 201814:29 | – | prion |
Veracode | Cross-site Scripting (XSS) | 11 Jan 201805:40 | – | veracode |
NVD | CVE-2017-15717 | 10 Jan 201814:29 | – | nvd |
[
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "XSS Protection API 1.0.4 to 1.0.18"
},
{
"status": "affected",
"version": "XSS Protection API Compat 1.1.0"
},
{
"status": "affected",
"version": "XSS Protection API 2.0.0"
}
]
}
]
Source | Link |
---|---|
s | www.s.apache.org/CVE-2017-15717 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo