Description
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
Exploits (2)
nomisec
WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/apache__sling-org-apache-sling-xss_CVE-2016-5394_1-0-8
References (2)
Core References
Mailing List x_refsource_misc
https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99870
Scores
CVSS v3
6.1
EPSS
0.0109
EPSS Percentile
78.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
apache/sling
< 1.0.12
Apache Software Foundation/Apache Sling
prior to 1.0.12
org.apache.sling/org.apache.sling.xss
0 - 1.0.12 (Maven)
org.apache.sling/org.apache.sling.xss.compat
0 - 1.1.0 (Maven)
Published
Jul 19, 2017
Tracked Since
Feb 18, 2026