====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN170
_____________________________________________________________________

DATE                : 26/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Sling CMS versions prior to
                                               0.16.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/sling-dev/202003.mbox/%3cCAHbpyFaf8a0Yw=M7YThRSGnxswuF_-ivjsx0+QH1iZHr5gVMig@mail.gmail.com%3e
_____________________________________________________________________

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Sling CMS 0.14.0 and previous releases

Description:
Scripts in Sling CMS do not property escape the Sling Selector from URLs
when generating navigational elements for the administrative consoles
and are vulnerable to reflected XSS attacks.

Mitigation:
All users should upgrade to 0.16.0

Credit:
This issue was discovered by Guillaume GRABÉ Pentester from Orange
Cyberdefense France

References:
https://sling.apache.org/project-information/security.html

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================