CVE-2016-6798

CRITICAL

Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6798. PoCs published by tafamace.

AI-analyzed exploit summary The repository contains a minimal Java project with a generic Main.java file that prints command-line arguments and a Travis CI configuration. There is no exploit code or technical details related to CVE-2016-6798.

Description

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

Exploits (1)

nomisec STUB
by tafamace · poc
https://github.com/tafamace/CVE-2016-6798

The repository contains a minimal Java project with a generic Main.java file that prints command-line arguments and a Travis CI configuration. There is no exploit code or technical details related to CVE-2016-6798.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: N/A
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99873

Scores

CVSS v3 9.8
EPSS 0.0134
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-611
Status published
Products (4)
apache/sling < 1.0.10
Apache Software Foundation/Apache Sling prior to 1.0.12
org.apache.sling/org.apache.sling.xss 0 - 1.0.12Maven
org.apache.sling/org.apache.sling.xss.compat 0 - 1.1.0Maven
Published Jul 19, 2017
Tracked Since Feb 18, 2026