CVE-2017-9802
Description
The JavaScript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the JavaScript eval function to parse input strings, which allows XSS attacks via specially crafted input strings.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.584
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2017-9802 is fixed in Apache-org.apache.sling.servlets.post 2.3.22 | Windows |
| CVE-2017-9802 is fixed in Apache-org.apache.sling.servlets.post for Linux 2.3.22 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234