CVE-2020-1949: XSS
First published: Wed Apr 01 2020(Updated: )
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Sling | <0.16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1949?
CVE-2020-1949 is classified as a high-severity vulnerability due to its potential for reflected XSS attacks.
How do I fix CVE-2020-1949?
To fix CVE-2020-1949, upgrade the Sling CMS to version 0.16.0 or later.
What products are affected by CVE-2020-1949?
CVE-2020-1949 affects Apache Sling CMS versions prior to 0.16.0.
What type of vulnerability is CVE-2020-1949?
CVE-2020-1949 is a reflected Cross-Site Scripting (XSS) vulnerability.
Can CVE-2020-1949 be exploited remotely?
Yes, CVE-2020-1949 can be exploited remotely by attackers using crafted URLs.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache sling