Cross-Site Scripting (XSS) Vulnerabilities in Apache Sling API and Servlets
CVE-2015-2944 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
Learn more about our Cis Benchmark Audit For Apache Http Server.