CVE-2022-32549

The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...

CVE-2015-2944

This CVE refers to cross-site scripting vulnerabilities in Apache Sling components. Affected software: Apache Sling API (prior to 2.2.2) and Apache Sling Servlets Post (prior to 2.1.2). Vulnerable element: URI handling in HtmlResponse implementations (org.apache.sling.api.servlets.HtmlResponse an...