CVE-2016-5394
- EPSS 1.27%
- Published 19.07.2017 15:29:00
- Last modified 13.05.2026 00:24:29
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vu...
CVE-2016-6798
- EPSS 1.34%
- Published 19.07.2017 15:29:00
- Last modified 13.05.2026 00:24:29
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potential...
CVE-2016-0956
- EPSS 13.28%
- Published 10.02.2016 20:59:08
- Last modified 06.05.2026 22:30:45
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-4390
- EPSS 1.33%
- Published 24.10.2013 03:48:48
- Last modified 29.04.2026 01:13:23
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a...