Количество 2
Количество 2
CVE-2017-9802
больше 8 лет назад
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
CVSS3: 6.1
EPSS: Низкий
GHSA-8c82-9rgp-4qvr
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation Apache Sling Servlets Post
CVSS3: 6.1
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-9802 The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
| GHSA-8c82-9rgp-4qvr Improper Neutralization of Input During Web Page Generation Apache Sling Servlets Post | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу
20