Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://s.apache.org/CVE-2020-1949 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-04T06:53:59.928Z
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1949

No data.

Status : Modified
Published: 2020-04-01T19:15:14.610
Modified: 2024-11-21T05:11:42.970
Link: CVE-2020-1949

No data.