Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for sling_xss_protection_api_compat by apache

    CVE-2017-15717 (GCVE-0-2017-15717)

    Vulnerability from nvd – Published: 2018-01-10 14:00 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
    Severity
    No CVSS data available.
    CWE
    • Insufficient XSS protection
    Assigner
    References
    URL Tags
    https://s.apache.org/CVE-2017-15717 mailing-listx_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Sling Affected: XSS Protection API 1.0.4 to 1.0.18
    Affected: XSS Protection API Compat 1.1.0
    Affected: XSS Protection API 2.0.0
    Create a notification for this product.
    Date Public
    2018-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:04:49.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://s.apache.org/CVE-2017-15717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "XSS Protection API 1.0.4 to 1.0.18"
                },
                {
                  "status": "affected",
                  "version": "XSS Protection API Compat 1.1.0"
                },
                {
                  "status": "affected",
                  "version": "XSS Protection API 2.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficient XSS protection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-10T13:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://s.apache.org/CVE-2017-15717"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-01-10T00:00:00",
              "ID": "CVE-2017-15717",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "XSS Protection API 1.0.4 to 1.0.18"
                              },
                              {
                                "version_value": "XSS Protection API Compat 1.1.0"
                              },
                              {
                                "version_value": "XSS Protection API 2.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient XSS protection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
                  "refsource": "MLIST",
                  "url": "https://s.apache.org/CVE-2017-15717"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-15717",
        "datePublished": "2018-01-10T14:00:00.000Z",
        "dateReserved": "2017-10-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:14.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15717 (GCVE-0-2017-15717)

    Vulnerability from cvelistv5 – Published: 2018-01-10 14:00 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
    Severity
    No CVSS data available.
    CWE
    • Insufficient XSS protection
    Assigner
    References
    URL Tags
    https://s.apache.org/CVE-2017-15717 mailing-listx_refsource_MLIST
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Sling Affected: XSS Protection API 1.0.4 to 1.0.18
    Affected: XSS Protection API Compat 1.1.0
    Affected: XSS Protection API 2.0.0
    Create a notification for this product.
    Date Public
    2018-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:04:49.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://s.apache.org/CVE-2017-15717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "XSS Protection API 1.0.4 to 1.0.18"
                },
                {
                  "status": "affected",
                  "version": "XSS Protection API Compat 1.1.0"
                },
                {
                  "status": "affected",
                  "version": "XSS Protection API 2.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficient XSS protection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-10T13:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://s.apache.org/CVE-2017-15717"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-01-10T00:00:00",
              "ID": "CVE-2017-15717",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "XSS Protection API 1.0.4 to 1.0.18"
                              },
                              {
                                "version_value": "XSS Protection API Compat 1.1.0"
                              },
                              {
                                "version_value": "XSS Protection API 2.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient XSS protection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
                  "refsource": "MLIST",
                  "url": "https://s.apache.org/CVE-2017-15717"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-15717",
        "datePublished": "2018-01-10T14:00:00.000Z",
        "dateReserved": "2017-10-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:14.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }