Description
The JavaScript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the JavaScript 'eval' function to parse input strings, which allows cross-site scripting (XSS) attacks via specially crafted input strings.
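The following is an added illustration of the vulnerability class named in the description, not code from Apache Sling Servlets Post. The shape of the vulnerable helper (a thin wrapper that hands a server response string to eval) is assumed from the advisory text; the hardened form swaps in JSON.parse, which accepts only the JSON grammar and throws on anything else. The inputs are constructed for the demonstration.

```javascript
// Added illustrative example; not code from Apache Sling Servlets Post.
// The vulnerable helper's shape (an eval() wrapper used to turn a response
// string into an object) is an assumption based on the advisory text.

function evalStringUnsafe(s) {
  // Direct eval executes whatever JavaScript the string contains; "parsing"
  // here is really code execution in the caller's scope.
  return eval("(" + s + ")");
}

function evalStringSafe(s) {
  // JSON.parse accepts only the JSON grammar; code embedded in the string is
  // a SyntaxError and is never executed.
  return JSON.parse(s);
}

// Constructed inputs (not from the advisory). The second is valid JavaScript
// but not valid JSON, and it mutates `probe` if it is ever executed.
const probe = { hits: 0 };
const benignResponse = '{"status": 200, "title": "ok"}';
const codeBearingResponse = '{"status": probe.hits++}';

function tryParse(parser, s) {
  try {
    return { ok: true, value: parser(s) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Runs both parsers over the code-bearing input and records whether the side
// effect fired, so the difference between the two is observable.
function compareParsers() {
  probe.hits = 0;
  const safe = tryParse(evalStringSafe, codeBearingResponse);
  const hitsAfterSafe = probe.hits;      // stays 0: JSON.parse rejected it
  const unsafe = tryParse(evalStringUnsafe, codeBearingResponse);
  const hitsAfterUnsafe = probe.hits;    // becomes 1: eval ran the code
  return { safe, hitsAfterSafe, unsafe, hitsAfterUnsafe };
}

console.log(JSON.stringify(compareParsers(), null, 2));
```

The JSON.parse variant also fails closed: a malformed or tampered response surfaces as a caught SyntaxError that the caller can log and discard, whereas the eval variant silently runs it.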
Remediation
Upgrade Apache Sling Servlets Post to version 2.3.22 or later.
References
https://issues.apache.org/jira/browse/SLING-7041
http://www.securityfocus.com/bid/100284
http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/541024/100/0/threaded
https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2021-43801 Vulnerability in npm package mercurius
CVE-2019-14653 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2015-7501 Vulnerability in maven package org.apache.commons:commons-collections4
CVE-2021-39235 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2023-38695 Vulnerability in npm package @simonsmith/cypress-image-snapshot