Apache Sling is an open source web application framework provided by The Apache Software Foundation.
Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion.
An arbitrary script may be executed on the user's web browser.
Update the respective components to the appropriate versions
Update the components to the appropriate versions according to the information provided by the developer.
The developer released the following versions to fix the vulnerability.
## Products Affected