Apache - Sling Cms CVE

Filtered by vendor Apache Subscribe

Filtered by product Sling Cms

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-1949	1 Apache	1 Sling Cms	2020-04-03	4.3 MEDIUM	6.1 MEDIUM
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

Vulnerabilities (CVE)