Reflected cross-site scripting (XSS) in the URL of the admin panel of the Apache Sling CMS App.
These vulnerabilities were found and tested on Sling CMS App 0.14.0 and impact previous releases.
- CVE ID: CVE-2020-1949
- Vulnerability Type: Cross Site Scripting (XSS)
- Vendor of Product: Apache
- Affected Product: Sling CMS App 0.14.0 and previous releases
- Affected Component: URL
- Editor confirmed: Yes
- Discoverer: Guillaume GRABÉ, pentester from Orange Cyberdefense France
- Advisory:
- CVE:
- Product site: https://sling.apache.org/
- Release advisories: http://mail-archives.apache.org/mod_mbox/sling-dev/202003.mbox/%3CCAHbpyFaf8a0Yw%3DM7YThRSGnxswuF_-ivjsx0%2BQH1iZHr5gVMig%40mail.gmail.com>
- ExploitDB:
2020/02/18: Vulnerabilities discovered
2020/02/18: Vulnerabilities reported to the editor
2020/02/20: Vulnerabilities confirmed by the editor
2020/03/20: Vulnerabilities patched by the editor; version 0.16.0 was released on 2020/03/20
2020/03/26: CVE update - public release
- Vulnerable parameter: URL
- Payload:
"><script>alert("XSS")</script>nt
- Details: It is triggered at page loading.
- Example: http://{url}/cms/site/sites.html/cont"><script>alert("XSS")</script>nt
- Privileges: It requires admin privileges to consult the vulnerable pages.
- Location example: http://{url}/cms/site/sites.html/content
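
The leading `">` in the payload suggests the path suffix is written into a double-quoted HTML attribute. The Java sketch below is an added example, not Sling CMS code and not the project's fix: it assumes that reflection context and uses hypothetical names (`renderUnsafe`, `renderEncoded`, `encodeAttr`, the `<a>` element) to show the advisory's example path rendered without and with attribute encoding.

```java
public class ReflectedPathDemo {

    // Assumed vulnerable pattern: the request path is concatenated
    // into a double-quoted attribute value with no output encoding.
    static String renderUnsafe(String requestPath) {
        return "<a href=\"" + requestPath + "\">Sites</a>";
    }

    // Hardened form: the same value is encoded for the HTML attribute
    // context before it is written into the page.
    static String renderEncoded(String requestPath) {
        return "<a href=\"" + encodeAttr(requestPath) + "\">Sites</a>";
    }

    // Minimal HTML attribute encoder for the characters that can close
    // a quoted attribute or open a new tag. '&' is handled like any
    // other character, so existing entities are not double-decoded.
    static String encodeAttr(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Path taken from the advisory's example URL (host omitted).
        String path = "/cms/site/sites.html/cont\"><script>alert(\"XSS\")</script>nt";

        String unsafe = renderUnsafe(path);
        String encoded = renderEncoded(path);

        System.out.println("unencoded: " + unsafe);
        System.out.println("  contains a script element: " + unsafe.contains("<script>"));
        System.out.println("encoded:   " + encoded);
        System.out.println("  contains a script element: " + encoded.contains("<script>"));
    }
}
```

In a real application, a maintained context-aware encoder from the templating layer or an encoding library should replace the hand-written `encodeAttr`.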