[MAVEN:GHSA-RXVX-44W5-44R7] Improper Neutralization of Input During Web Page Generation in Apache Sling

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

Package	Affected Version
pkg:maven/org.apache.sling/org.apache.sling.servlets.post	<= 2.1.1
pkg:maven/org.apache.sling/org.apache.sling.api	<= 2.2.1

Package	Fixed Version
pkg:maven/org.apache.sling/org.apache.sling.servlets.post	= 2.1.2
pkg:maven/org.apache.sling/org.apache.sling.api	= 2.2.2

ID: MAVEN:GHSA-RXVX-44W5-44R7
Severity: moderate
URL: https://github.com/advisories/GHSA-rxvx-44w5-44r7
Published: 2022-05-13T01:10:58
(2 years ago)
Modified: 2023-01-27T05:02:14
(20 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2015-2944
			https://issues.apache.org/jira/browse/SLING-2082
			https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31@%3Cdev.sling.apache.org%3E
			https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70@%3Cdev.sling.apache.org%3E
			https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea@%3Cdev.sling.apache.org%3E
			https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16@%3Cdev.sling.apache.org%3E
			http://jvn.jp/en/jp/JVN61328139/index.html
			http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069
			https://github.com/advisories/GHSA-rxvx-44w5-44r7

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.apache.sling/org.apache.sling.servlets.post	org.apache.sling	org.apache.sling.servlets.post	<= 2.1.1
Fixed	pkg:maven/org.apache.sling/org.apache.sling.servlets.post	org.apache.sling	org.apache.sling.servlets.post	= 2.1.2
Affected	pkg:maven/org.apache.sling/org.apache.sling.api	org.apache.sling	org.apache.sling.api	<= 2.2.1
Fixed	pkg:maven/org.apache.sling/org.apache.sling.api	org.apache.sling	org.apache.sling.api	= 2.2.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date