Description

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.

Remediation

References

http://www.securityfocus.com/bid/99870

https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E

Related Vulnerabilities

CVE-2020-2254 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent

CVE-2020-6422 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-28460 Vulnerability in npm package multi-ini

CVE-2022-22984 Vulnerability in npm package @snyk/snyk-hex-plugin

CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash.merge

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry