com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2012-2138 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2012-2138 Source advisory: OSV:GHSA-342C-F869-5M44...

GHSA-M27M-628V-XXP2 Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +26 more potentially affected by CVE-2017-9802 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.3.2)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.6.2, =5.5.0, =5.5.74, =5.3.0, =5.3.0, =5.4.0, =5.5.0, =1.0.8, =1.0.12, =1.0.6, =1.7.2 - com.day.cq.mcm:cq-mcm-silverpop-integration =1.0.2 and more Source cves: CVE-2017-9802 Source advisory:...

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...

Improper Neutralization of Input During Web Page Generation in Apache Sling

Multiple cross-site scripting XSS vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to 1 org/apache/sling/api/servlets/HtmlResponse and 2...

CVE-2017-11296

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager...

CVE-2017-11296

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager...

Apache Sling Servlets Post Cross-Site Scripting Vulnerability (CNVD-2017-37560)

Adobe Experience Manager AEM is the United States of America Ordoby Adobe can be used to build a set of web sites, mobile applications and forms of content management solutions. The program supports mobile content management, marketing and sales campaign management and multi-site management , etc...

Apache Sling Servlets Post 2.3.20 Cross Site Scripting Vulnerability

Exploit for multiple platform in category remote exploits CVE-2017-9802: Apache Sling XSS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Sling Servlets Post 2.3.20 Description: The Javascript method Sling.evalString uses the javascript eval...

Apache Sling Servlets Post Cross-Site Scripting Vulnerability

Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. A security vulnerability exists in the Javascript method Sling.evalString in Apache Sling Servlets Post versions prior to...

Adobe Experience Manager Apache Sling Servlets Post Component Information Disclosure Vulnerability

Apache Sling is an open source Web framework on the Java platform , in the JCR content library to create content-oriented applications . Adobe Experience Manager AEM is the United States of America Odobe Adobe company can be used to build websites, mobile applications and forms of content...

CVE-2016-0956

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

Information disclosure

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2015-2944

Multiple cross-site scripting XSS vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to 1 org/apache/sling/api/servlets/HtmlResponse and 2...

Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Overview Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability CWE-79 in the error page and the generation of the job completion. MORI Shingo...

JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability CWE-79 in the error page and the generation of the job completion. Impact An arbitrary...