Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache sling vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote malicious users to obtain sensitive information via unspecified vectors.
Apache Sling
Adobe Experience Manager 6.1.0
Adobe Experience Manager 6.0.0
Adobe Experience Manager 5.6.1
1 EDB exploit
3 Github repositories
7.5
CVSSv2
CVE-2016-6798
In the XSS Protection API module prior to 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an malicious use...
Apache Sling
5.8
CVSSv2
CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibi...
Apache Sling Commons Messaging Mail 1.0.0
5.8
CVSSv2
CVE-2013-4390
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle prior to 1.1.4 in Apache Sling allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource p...
Apache Sling
Apache Sling Auth Core Component
Apache Sling Auth Core Component 1.1.0
Apache Sling Auth Core Component 1.0.6
Apache Sling Auth Core Component 1.0.4
Apache Sling Auth Core Component 1.0.2
5
CVSSv2
CVE-2022-32549
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an malicious user to cover tracks by injecting fake logs and potentially corrupt log files.
Apache Sling Commons Log
Apache Sling Api
5
CVSSv2
CVE-2012-3353
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR Conte...
Apache Sling Jcr Contentloader 2.1.4
5
CVSSv2
CVE-2013-2254
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows ...
Apache Org.apache.sling.servlets.post 2.3.0
Apache Org.apache.sling.servlets.post 2.2.0
5
CVSSv2
CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle prior to 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote malicious users to cause a denial of service (infinite loop) via a ...
Apache Org.apache.sling.servlets.post
1 EDB exploit
4.3
CVSSv2
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »