Apache - Sling Servlets Post CVE

Filtered by vendor Apache Subscribe

Filtered by product Sling Servlets Post

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-9802	1 Apache	1 Sling Servlets Post	2018-10-09	4.3 MEDIUM	6.1 MEDIUM
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

Vulnerabilities (CVE)