Lucene search
PRIOn knowledge basePRION:CVE-2017-15717HistoryJan 10, 2018 - 2:29 p.m.
Code injection
2018-01-1014:29:00
PRIOn knowledge base
www.prio-n.com
2
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
References
Related
osv
osv
Cross-site Scripting in Apache Sling XSS Protection API
2022-05-14 03:46:36
CVE-2017-15717
2018-01-10 14:29:00
cve
cve
CVE-2017-15717
2018-01-10 14:29:00
cvelist
cvelist
CVE-2017-15717
2018-01-10 00:00:00
github
github
Cross-site Scripting in Apache Sling XSS Protection API
2022-05-14 03:46:36
veracode
veracode
Cross-site Scripting (XSS)
2018-01-11 05:40:31
nvd
nvd
CVE-2017-15717
2018-01-10 14:29:00