Apache Sling Servlets Post — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Sling Servlets Post, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-9802 — CVSS 6.1 (medium): The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input…
CVE-2015-2944 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow…