Reflected XSS vulnerability in Sling CMS before 0.16.0

Reflected XSS vulnerability in Sling CMS before 0.16.0

CVE-2020-1949 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

Learn more about our Cms Pen Testing.