VYPR

Maven package

org.apache.sling/org.apache.sling.servlets.post

pkg:maven/org.apache.sling/org.apache.sling.servlets.post

Vulnerabilities (4)

  • CVE-2017-9802MedAug 14, 2017
    affected < 2.3.22fixed 2.3.22

    The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

  • CVE-2016-0956HigFeb 10, 2016
    affected < 2.3.8fixed 2.3.8

    The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-2944Jun 2, 2015
    affected < 2.1.2fixed 2.1.2

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache

  • CVE-2012-2138Jul 9, 2012
    affected < 2.1.2fixed 2.1.2

    The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted