Description

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.

Remediation

References

http://www.securityfocus.com/bid/99870

https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E

Related Vulnerabilities

CVE-2022-41654 Vulnerability in npm package ghost

CVE-2016-5388 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2016-10682 Vulnerability in npm package massif

CVE-2016-0760 Vulnerability in maven package org.apache.sentry:sentry-binding-hive

CVE-2016-6805 Vulnerability in maven package org.apache.ignite:ignite-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry