Lucene search

K

JpcertCVELIST:CVE-2015-2944

HistoryJun 02, 2015 - 2:00 p.m.

CVE-2015-2944

2015-06-0214:00:00

jpcert

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

References

jvn.jp/en/jp/JVN61328139/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000069

www.securityfocus.com/bid/74839

issues.apache.org/jira/browse/SLING-2082

lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

Related for CVELIST:CVE-2015-2944

github1 osv1 nvd1 jvn1 prion1 cve1