Cross-Site Scripting (XSS) Vulnerabilities in Apache Sling API and Servlets

Cross-Site Scripting (XSS) Vulnerabilities in Apache Sling API and Servlets

CVE-2015-2944 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

Learn more about our Cis Benchmark Audit For Apache Http Server.