CVE-2020-1949
published 2020-04-01CVE-2020-1949: Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | sling_cms | < 0.16.0 | 0.16.0 |