Apache Sling
6 CVEs affecting Apache Sling. Latest disclosed: 2017-07-19. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-6798 | Critical | 9.8 | 2017-07-19 | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which al… |
| CVE-2016-0956 | High | 7.5 | 2016-02-10 | The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive inf… |
| CVE-2016-5394 | Medium | 6.1 | 2017-07-19 | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for so… |
| CVE-2013-4390 | | | 2013-10-24 | Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows r… |
| CVE-2013-2254 | | | 2013-10-17 | The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does… |
| CVE-2012-2138 | | | 2012-07-09 | The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ance… |