Unrated severityNVD Advisory· Published Apr 1, 2020· Updated Aug 4, 2024

CVE-2020-1949

Description

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

Affected products

Sling/Sling CMSdescription
Apache/Sling App CMSllm-create
Range: <0.16.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

s.apache.org/CVE-2020-1949mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000