Description

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

Remediation

References

http://www.securityfocus.com/bid/99873

https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E

Related Vulnerabilities

CVE-2018-16469 Vulnerability in maven package org.webjars.npm:merge

CVE-2017-13098 Vulnerability in maven package com.madgag.spongycastle:bctls-jdk15on

CVE-2023-26122 Vulnerability in npm package safe-eval

CVE-2017-16066 Vulnerability in npm package opencv.js

CVE-2019-10377 Vulnerability in maven package net.hurstfrost.jenkins:avatar

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry