CVE-2017-15717

MEDIUM

Apache Sling XSS Protection API 1.0.4-1.0.18 and 2.0.0 - Cross-Site Scripting via URL Validation Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-15717. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains the source code of the Apache Sling XSS Bundle, which is vulnerable to CVE-2017-15717. The code includes implementations of XSS protection APIs and filters, but does not provide an exploit or detailed analysis of the vulnerability itself.

Description

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-15717-sling-org-apache-sling-xss-vulnerable

This repository contains the source code of the Apache Sling XSS Bundle, which is vulnerable to CVE-2017-15717. The code includes implementations of XSS protection APIs and filters, but does not provide an exploit or detailed analysis of the vulnerability itself.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Theoretical
Target: Apache Sling XSS Bundle
No auth needed
Prerequisites: Access to a vulnerable Apache Sling instance
devstral-2 · analyzed Mar 14, 2026 Full analysis →
nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-15717-sling-org-apache-sling-xss-vulnerable

This repository contains the source code of the Apache Sling XSS Bundle, which is vulnerable to CVE-2017-15717. The code includes implementations of XSS protection APIs and filters, but does not include an exploit PoC. Instead, it provides a detailed view of the vulnerable components, such as XSSAPI and XSSFilter, which can be analyzed for understanding the vulnerability.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Theoretical
Target: Apache Sling XSS Bundle
No auth needed
Prerequisites: Access to a vulnerable Apache Sling instance
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory mailing-list x_refsource_mlist
https://s.apache.org/CVE-2017-15717

Scores

CVSS v3 6.1
EPSS 0.0159
EPSS Percentile 82.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (5)
apache/sling_xss_protection_api 2.0.0
apache/sling_xss_protection_api 1.0.4 - 1.0.18
apache/sling_xss_protection_api_compat 1.1.0
org.apache.sling/org.apache.sling.xss 1.0.4 - 2.0.4Maven
org.apache.sling/org.apache.sling.xss.compat Maven
Published Jan 10, 2018
Tracked Since Feb 18, 2026