GHSA-rxvx-44w5-44r7

Suggest an improvement
Source
https://github.com/advisories/GHSA-rxvx-44w5-44r7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rxvx-44w5-44r7/GHSA-rxvx-44w5-44r7.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rxvx-44w5-44r7
Aliases
  • CVE-2015-2944
Published
2022-05-13T01:10:58Z
Modified
2024-12-05T05:27:54.565089Z
Summary
Improper Neutralization of Input During Web Page Generation in Apache Sling
Details

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

Database specific
{
    "nvd_published_at": "2015-06-02T14:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:20:19Z"
}
References

Affected packages

Maven / org.apache.sling:org.apache.sling.api

Package

Name
org.apache.sling:org.apache.sling.api
View open source insights on deps.dev
Purl
pkg:maven/org.apache.sling/org.apache.sling.api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2

Affected versions

2.*

2.0.2-incubator
2.0.4-incubator
2.0.6
2.0.8
2.1.0
2.2.0

Database specific

{
    "last_known_affected_version_range": "<= 2.2.1"
}

Maven / org.apache.sling:org.apache.sling.servlets.post

Package

Name
org.apache.sling:org.apache.sling.servlets.post
View open source insights on deps.dev
Purl
pkg:maven/org.apache.sling/org.apache.sling.servlets.post

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2

Affected versions

2.*

2.0.2-incubator
2.0.4-incubator
2.1.0

Database specific

{
    "last_known_affected_version_range": "<= 2.1.1"
}