CVE-2017-15717
CVE-2017-15717 involves a flaw in URL escaping/encoding in the Apache Sling XSS Protection API. The issue resides in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref, allowing specially crafted URLs to pass as valid despite carrying XSS pay...