Lucene search
ApacheCVELIST:CVE-2017-15717HistoryJan 10, 2018 - 12:00 a.m.
CVE-2017-15717
2018-01-1000:00:00
apache
www.cve.org
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
CNA Affected
[
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "XSS Protection API 1.0.4 to 1.0.18"
},
{
"status": "affected",
"version": "XSS Protection API Compat 1.1.0"
},
{
"status": "affected",
"version": "XSS Protection API 2.0.0"
}
]
}
]References
Related
osv
osv
Cross-site Scripting in Apache Sling XSS Protection API
2022-05-14 03:46:36
CVE-2017-15717
2018-01-10 14:29:00
cve
cve
CVE-2017-15717
2018-01-10 14:29:00
prion
prion
Code injection
2018-01-10 14:29:00
github
github
Cross-site Scripting in Apache Sling XSS Protection API
2022-05-14 03:46:36
veracode
veracode
Cross-site Scripting (XSS)
2018-01-11 05:40:31
nvd
nvd
CVE-2017-15717
2018-01-10 14:29:00