Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Sling 输入验证错误漏洞
Vulnerability Description
Apache Sling是美国阿帕奇(Apache)基金会的一个 Java 平台的开源 Web 框架。旨在在符合 JSR-170 的内容存储库(例如 Apache Jackrabbit )上创建以内容为中心的应用程序。 Apache Sling中的Auth Core (org.apache.sling.auth.core)组件1.1.2及之前的版本中的AbstractAuthenticationFormServlet类中存在输入验证错误漏洞,该漏洞源于程序没有正确过滤用户提交到‘resource’参数的输
CVSS Information
N/A
Vulnerability Type
N/A