Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheSling

4 matches found

CVE
CVEadded 2018/01/10 2:29 p.m.65 views

CVE-2017-15717

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1...

6.1CVSS5.8AI score0.01185EPSS
CVE
CVEadded 2017/07/19 3:29 p.m.50 views

CVE-2016-5394

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.

6.1CVSS6AI score0.01094EPSS
CVE
CVEadded 2023/02/23 9:15 a.m.47 views

CVE-2023-25621

Privilege Escalation vulnerability in Apache Software Foundation Apache Sling.Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dia...

6.5CVSS6.5AI score0.00039EPSS
CVE
CVEadded 2020/04/01 7:15 p.m.42 views

CVE-2020-1949

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

6.1CVSS6AI score0.01831EPSS