Lucene search

PRIOn knowledge basePRION:CVE-2015-2944

HistoryJun 02, 2015 - 2:59 p.m.

Cross site scripting

2015-06-0214:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

CPENameOperatorVersion
sling_apile2.2.0
sling_servlets_postle2.1.0

CPE	Name	Operator	Version
	sling_api	le	2.2.0
	sling_servlets_post	le	2.1.0

References

jvn.jp/en/jp/JVN61328139/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000069

www.securityfocus.com/bid/74839

issues.apache.org/jira/browse/SLING-2082

lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31@%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70@%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea@%3Cdev.sling.apache.org%3E

lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16@%3Cdev.sling.apache.org%3E