VYPR

Sling Servlets Post

by Apache

CVEs (5)

  • CVE-2017-11296MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.

  • CVE-2017-9802MedAug 14, 2017
    risk 0.40cvss 6.1epss 0.04

    The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

  • CVE-2015-2944Jun 2, 2015
    risk 0.01cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)…

  • CVE-2013-2254Oct 17, 2013
    risk 0.00cvss epss 0.04

    The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows…

  • CVE-2012-2138Jul 9, 2012
    risk 0.00cvss epss 0.14

    The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted…