CVE-2017-9802

The JavaScript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the JavaScript ‘eval’ function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

Source: CVE-2017-9802
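
The flaw class described above, as an added example that is not Apache Sling's code: a hypothetical eval-based string parser beside a `JSON.parse` replacement, run on a constructed input that carries an expression instead of data. The function names, the sample strings and the choice of `JSON.parse` as the hardening are assumptions made for illustration.

```javascript
// Added illustration; function names are hypothetical, not Apache Sling source.

// The pattern the advisory describes: a string is handed to eval() to get a value.
function evalStringUnsafe(str) {
  // Indirect eval runs in global scope and executes any expression in `str`.
  return (0, eval)("(" + str + ")");
}

// One common hardening: JSON.parse accepts data only, never expressions.
function parseStringSafe(str) {
  try {
    return { ok: true, value: JSON.parse(str) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: one plain data string, one carrying an expression.
const BENIGN = '{"title":"Home","count":3}';
const CRAFTED = '(globalThis.__marker = "ran", {"title":"Home"})';

function compare() {
  const result = {};

  globalThis.__marker = "clean";
  result.unsafeBenign = evalStringUnsafe(BENIGN).count;
  result.unsafeCraftedTitle = evalStringUnsafe(CRAFTED).title;
  result.markerAfterUnsafe = globalThis.__marker; // expression executed

  globalThis.__marker = "clean";
  result.safeBenign = parseStringSafe(BENIGN).value.count;
  result.safeCrafted = parseStringSafe(CRAFTED); // rejected as a syntax error
  result.markerAfterSafe = globalThis.__marker;

  delete globalThis.__marker;
  return result;
}

console.log(compare());
```

Both parsers return the same value for the data-only string; only the eval-based one also runs the embedded expression, which in a browser would execute in the page's origin.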
