Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Sling Servlets Post 安全漏洞
Vulnerability Description
Apache Sling API是美国阿帕奇(Apache)软件基金会的一套用于构建Web应用程序的框架。Apache Sling Servlets Post是其中的一个容器。 Apache Sling Servlets Post 2.3.22之前的版本中的Javascript method Sling.evalString()存在安全漏洞,该漏洞源于程序使用javascript‘eval’函数来解析输入字符串。攻击者可借助特制的输入字符串利用该漏洞实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A