Apache

Sling

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 1.09%
  • Published 19.07.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vu...

  • EPSS 1.34%
  • Published 19.07.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potential...

  • EPSS 13.28%
  • Published 10.02.2016 20:59:08
  • Last modified 12.04.2025 10:46:40

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

  • EPSS 1.33%
  • Published 24.10.2013 03:48:48
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a...