2 matches found
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...
CVE-2020-1949
CVE-2020-1949 affects Sling CMS versions before 0.16.0. The root cause is improper escaping of the Sling Selector in URLs when generating navigation elements in the administrative console, enabling reflected XSS. Exploitation details or in-the-wild data are not provided in the supplied documents....