| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2016-0956 | 7.8 | The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | 09-10-2018 - 19:58 | 10-02-2016 - 20:59 |
| CVE-2012-2138 | 5.0 | The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service | 10-07-2012 - 04:00 | 09-07-2012 - 22:55 |
| CVE-2013-2254 | 5.0 | The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions t | 29-08-2017 - 01:33 | 17-10-2013 - 23:55 |
| CVE-2013-4390 | 5.8 | Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a | 25-10-2013 - 14:30 | 24-10-2013 - 03:48 |
| CVE-2016-5394 | 4.3 | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vu | 01-07-2020 - 13:41 | 19-07-2017 - 15:29 |
| CVE-2016-6798 | 7.5 | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potential | 25-07-2017 - 15:10 | 19-07-2017 - 15:29 |