10 matches found
EUVD-2022-5256
Malicious code in bioql PyPI...
biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.1.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +439 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =5.6.0, =5.7.32 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74 https://vulners.com/osv/OSV:GHSA-QMX3-...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...
biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=1.2.8 <=4.1.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +602 more potentially affected by CVE-2013-2254 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.3.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =1.2.8, =2.5.4, =3.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =3.1.1, =3.1.1, =0.0.1, =0.1.0, =2012.12.01, =2023.11.08 and more Source cves: CVE-2013-2254 Source advisory: OSV:GHSA-CXWH-VMHG-39R2...
Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities
Apache Sling API is a set of frameworks for building web applications from the US-based Apache Software Foundation. Apache Sling Servlets Post is one of the containers. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability. It allows remote attackers to exploit the...
CVE-2015-2944
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)...
CVE-2015-2944
This CVE refers to cross-site scripting vulnerabilities in Apache Sling components. Affected software: Apache Sling API (prior to 2.2.2) and Apache Sling Servlets Post (prior to 2.1.2). Vulnerable element: URI handling in HtmlResponse implementations (org.apache.sling.api.servlets.HtmlResponse an...
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Overview: Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. MORI Shingo...
JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. Impact: An arbitrary...