2 matches found
CVE-2015-2944
This CVE refers to cross-site scripting vulnerabilities in Apache Sling components. Affected software: Apache Sling API (prior to 2.2.2) and Apache Sling Servlets Post (prior to 2.1.2). Vulnerable element: URI handling in HtmlResponse implementations (org.apache.sling.api.servlets.HtmlResponse an...
CVE-2017-9802
CVE-2017-9802 affects Apache Sling Servlets Post prior to version 2.3.22. The vulnerability arises from using the JavaScript function eval on input strings in Sling.evalString(), enabling cross-site scripting (XSS). Impact is XSS through crafted input strings; affected version is 2.3.20 (and olde...