Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sling servlets post vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-2944
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API prior to 2.2.2 and Apache Sling Servlets Post prior to 2.1.2 allow remote malicious users to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) ...
Apache Sling Servlets Post
Apache Sling Api
4.3
CVSSv2
CVE-2017-9802
The Javascript method Sling.evalString() in Apache Sling Servlets Post prior to 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
Apache Sling Servlets Post
7.8
CVSSv2
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote malicious users to obtain sensitive information via unspecified vectors.
Apache Sling
Adobe Experience Manager 6.1.0
Adobe Experience Manager 6.0.0
Adobe Experience Manager 5.6.1
1 EDB exploit
3 Github repositories
4.3
CVSSv2
CVE-2017-11296
An issue exists in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
Adobe Experience Manager 6.0.0
Adobe Experience Manager 6.3.0
Adobe Experience Manager 6.2.0
Adobe Experience Manager 6.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started