EUVD-2023-1351
Malicious code in bioql PyPI...
Privilege Escalation
org.apache.sling:org.apache.sling.engine is vulnerable to Privilege Escalation. When an attacker is able to include a resource with specific content-type and control the include path, it allows the attacker to elevate privileges and acquire administrative power, because SlingRequestDispatcher...
GHSA-MG46-F9H5-G27X Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...
CVE-2022-45064
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...
Cross-site scripting
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...