2 matches found
com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +26 more potentially affected by CVE-2017-9802 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.3.2)
org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.6.2, =5.5.0, =5.5.74, =5.3.0, =5.3.0, =5.4.0, =5.5.0, =1.0.8, =1.0.12, =1.0.6, =1.7.2 - com.day.cq.mcm:cq-mcm-silverpop-integration =1.0.2 and more Source cves: CVE-2017-9802 Source advisory:...
CVE-2017-9802
CVE-2017-9802 affects Apache Sling Servlets Post prior to version 2.3.22. The vulnerability arises from using the JavaScript function eval on input strings in Sling.evalString(), enabling cross-site scripting (XSS). Impact is XSS through crafted input strings; affected version is 2.3.20 (and olde...