Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
Remediation
References
http://jvn.jp/en/jp/JVN61328139/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069
http://www.securityfocus.com/bid/74839
https://issues.apache.org/jira/browse/SLING-2082
https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2017-2599 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2011-1475 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-44400 Vulnerability in npm package uptime-kuma
CVE-2020-11988 Vulnerability in maven package org.apache.xmlgraphics:xmlgraphics-commons