Description

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.

Remediation

References

https://s.apache.org/CVE-2017-15717

Related Vulnerabilities

CVE-2020-2123 Vulnerability in maven package org.jenkins-ci.plugins:radargun

CVE-2022-23615 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-39387 Vulnerability in maven package org.xwiki.contrib.oidc:oidc-authenticator

CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol

CVE-2023-49673 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory