Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
References
Link | Resource |
---|---|
https://s.apache.org/CVE-2020-1949 | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-04-01T18:25:32
Updated: 2020-04-01T18:25:32
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1949
NVD Information
Status: Analyzed
Published: 2020-04-01T19:15:14.610
Modified: 2020-04-03T13:37:34.690
Link: CVE-2020-1949
Redhat Information
No data.
CWE