CVE-2020-1949
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Affected products
n/a · Apache SlingWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://s.apache.org/CVE-2020-1949