List: oss-security
Subject: [oss-security] CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability
From: Daniel Klco <dklco () apache ! org>
Date: 2020-03-25 3:21:38
Message-ID: CAHbpyFYWV3mM9GHwpmKhVB-aMhXKa2w4HBRwSER6sqGHuYP2ag () mail ! gmail ! com
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Sling CMS 0.14.0 and previous releases
Description:
Scripts in Sling CMS do not properly escape the Sling Selector from URLs
when generating navigational elements for the administrative consoles and
are vulnerable to reflected XSS attacks.
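As an added illustration (not part of this advisory and not Sling CMS's own code, which is Java), the Python model below shows the defect class described above: a selector taken from the request path and concatenated straight into navigation markup, beside the escaped form. The path decomposition is a simplified assumption and the sample paths are constructed.

```python
import html
from dataclasses import dataclass, field
from typing import List
from urllib.parse import quote


@dataclass
class SlingRequestPathInfo:
    """Parts of a Sling-style request path: /res/path.sel1.sel2.ext/suffix"""
    resource_path: str
    selectors: List[str] = field(default_factory=list)
    extension: str = ""
    suffix: str = ""


def decompose(path: str) -> SlingRequestPathInfo:
    # Simplified model (assumption): the resource path ends at the first '.',
    # the suffix starts at the first '/' after it, and the dotted middle is
    # selectors followed by the extension. Real Sling resolves the resource first.
    first_dot = path.find(".")
    if first_dot == -1:
        return SlingRequestPathInfo(resource_path=path)
    slash = path.find("/", first_dot)
    suffix = path[slash:] if slash != -1 else ""
    head = path[:slash] if slash != -1 else path
    resource_path, _, rest = head.partition(".")
    parts = rest.split(".")
    return SlingRequestPathInfo(resource_path, parts[:-1], parts[-1], suffix)


def nav_link_unescaped(info: SlingRequestPathInfo, label: str) -> str:
    # The pattern the advisory describes: raw selector string written into HTML,
    # so characters like '"' and '<' from the URL land in the markup verbatim.
    sel = ".".join(info.selectors)
    href = ".".join(p for p in (info.resource_path, sel, info.extension) if p)
    return f'<a href="{href}">{label}</a><span class="selector">{sel}</span>'


def nav_link_escaped(info: SlingRequestPathInfo, label: str) -> str:
    # Hardened form: percent-encode each selector for the URL context, then
    # HTML-escape the attribute value and the text node separately.
    sel_url = ".".join(quote(s, safe="") for s in info.selectors)
    href = ".".join(p for p in (info.resource_path, sel_url, info.extension) if p)
    sel_text = html.escape(".".join(info.selectors))
    return (f'<a href="{html.escape(href)}">{html.escape(label)}</a>'
            f'<span class="selector">{sel_text}</span>')
```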
Mitigation:
All users should upgrade to 0.16.0
Credit:
This issue was discovered by Guillaume GRABÉ, Pentester from Orange
Cyberdefense France
References:
https://sling.apache.org/project-information/security.html