CVE-2015-2944
Apache Sling API <2.2.2 & Apache Sling Servlets Post <2.1.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
References (8)
Core References
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN61328139/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74839
Exploit, Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/SLING-2082
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E
Scores
EPSS
0.0287
EPSS Percentile
86.5%
Details
CWE
CWE-79
Status
published
Products (4)
apache/sling_api
< 2.2.0
apache/sling_servlets_post
< 2.1.0
org.apache.sling/org.apache.sling.api
0 - 2.2.2 (Maven)
org.apache.sling/org.apache.sling.servlets.post
0 - 2.1.2 (Maven)
Published
Jun 02, 2015
Tracked Since
Feb 18, 2026