CVE-2017-15717

MEDIUM

Apache Sling XSS Protection API < 1.0.18 - XSS

Title source: rule

Description

A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-15717-sling-org-apache-sling-xss-vulnerable
nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-15717-sling-org-apache-sling-xss-vulnerable

Scores

CVSS v3 6.1
EPSS 0.0159
EPSS Percentile 81.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (5)
apache/sling_xss_protection_api 2.0.0
apache/sling_xss_protection_api 1.0.4 - 1.0.18
apache/sling_xss_protection_api_compat 1.1.0
org.apache.sling/org.apache.sling.xss 1.0.4 - 2.0.4 Maven
org.apache.sling/org.apache.sling.xss.compat Maven
Published Jan 10, 2018
Tracked Since Feb 18, 2026