Vulmon
apache sling vulnerabilities and exploits
5.8
CVSSv2
CVE-2013-4390
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle prior to 1.1.4 in Apache Sling allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource p...
Apache Sling
Apache Sling Auth Core Component
Apache Sling Auth Core Component 1.1.0
Apache Sling Auth Core Component 1.0.6
Apache Sling Auth Core Component 1.0.4
Apache Sling Auth Core Component 1.0.2
4.3
CVSSv2
CVE-2015-2944
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API prior to 2.2.2 and Apache Sling Servlets Post prior to 2.1.2 allow remote malicious users to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) ...
Apache Sling Servlets Post
Apache Sling Api
5
CVSSv2
CVE-2022-32549
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow a malicious user to cover tracks by injecting fake logs and potentially corrupt log files.
Apache Sling Commons Log
Apache Sling Api
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
NA
CVE-2022-45064
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specif...
Apache Sling
4.3
CVSSv2
CVE-2016-5394
In the XSS Protection API module prior to 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
Apache Sling
7.5
CVSSv2
CVE-2016-6798
In the XSS Protection API module prior to 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing a malicious use...
Apache Sling
NA
CVE-2022-43670
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote malicious user to perform a reflected cross site scripting (XSS) attack in the taxon...
Apache Sling Cms
4.3
CVSSv2
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
NA
CVE-2022-46769
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote malicious user to perform a reflected cross-site scripting (XSS) attack in the site ...
Apache Sling Cms