Количество 2
Количество 2
CVE-2016-5394
около 8 лет назад
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
CVSS3: 6.1
EPSS: Низкий
GHSA-xwf4-88xr-hx2j
больше 3 лет назад
Cross site scripting in Apache Sling
CVSS3: 6.1
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-5394 In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | CVSS3: 6.1 | 1% Низкий | около 8 лет назад |
| GHSA-xwf4-88xr-hx2j Cross site scripting in Apache Sling | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу
20