Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

Remediation

References

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069

https://issues.apache.org/jira/browse/SLING-2082

http://jvn.jp/en/jp/JVN61328139/index.html

http://www.securityfocus.com/bid/74839

https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E

https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E

https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E

https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E

Related Vulnerabilities

CVE-2022-45382 Vulnerability in maven package org.jenkins-ci.plugins:naginator

CVE-2023-24807 Vulnerability in npm package undici

CVE-2020-7599 Vulnerability in maven package com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin

CVE-2019-10387 Vulnerability in maven package com.xebialabs.xlt.ci:xltestview-plugin

CVE-2013-2160 Vulnerability in maven package org.codehaus.woodstox:woodstox-core-asl

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory Exploit