CVE-2016-5394
- EPSS 1.09%
- Veröffentlicht 19.07.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vu...
CVE-2016-6798
- EPSS 1.34%
- Veröffentlicht 19.07.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potential...
CVE-2016-0956
- EPSS 13.28%
- Veröffentlicht 10.02.2016 20:59:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-4390
- EPSS 1.33%
- Veröffentlicht 24.10.2013 03:48:48
- Zuletzt bearbeitet 11.04.2025 00:51:21
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a...