Vulnerabilities > Apache > Sling XSS Protection API Compat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2017-15717 Cross-site Scripting vulnerability in Apache products
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads.
network
low complexity
apache CWE-79
6.1