BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
CVE-2017-9802: Apache Sling XSS vulnerability Aug 14 2017 11:04AM
Robert Munteanu (rombert apache org)
CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Servlets Post 2.3.20

Description:
The Javascript method Sling.evalString() uses the javascript `eval`
function to parse input strings, which allows for XSS att...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus