Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
Remediation
References
http://jvn.jp/en/jp/JVN61328139/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069
http://www.securityfocus.com/bid/74839
https://issues.apache.org/jira/browse/SLING-2082
https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E
https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler
CVE-2020-6467 Vulnerability in npm package electron
CVE-2017-1000401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2014-3665 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request