Vulnerabilities > Apache > Sling XSS Protection API Compat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-10 | CVE-2017-15717 | Cross-site Scripting vulnerability in Apache products A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. | 6.1 |