Scripts in Sling CMS prior to 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache sling cms |