Skip to content

Instantly share code, notes, and snippets.

@Siryu6
Last active December 30, 2023 18:58
Show Gist options
  • Save Siryu6/cf5f7c198939d12b4d2ed2b88ef71db1 to your computer and use it in GitHub Desktop.
Save Siryu6/cf5f7c198939d12b4d2ed2b88ef71db1 to your computer and use it in GitHub Desktop.
CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability

CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability

Description

Reflected Cross-site scripting (XSS) in the URL of admin pannel of of Apache Sling CMS App.
These vulnerability were found and tested on Sling CMS App 0.14.0 and impact previous releases

Information

  • CVE ID: CVE-2020-1949
  • Vulnerability Type: Cross Site Scripting (XSS)
  • Vendor of Product: Apache
  • Affected Product: Sling CMS App 0.14.0 and previous releases
  • Affected Component: URL
  • Editor confirmed: Yes
  • Discoverer: Guillaume GRABÉ Pentester from Orange Cyberdefense France

References

Approximate Timeline

2020/02/18: Vulnerabilities discovered
2020/02/18: Vulnerabilities reported to the editor 2020/02/20: Vulnerabilities confirmed by the editor
2020/03/20: Vulnerabilities patched by the editor,version 0.16.0 was released the 2020/03/20
2020/03/26: CVE update - public release

Technical details

Reflected XSS

  • Vulnerable parameter : URL
  • Payload : "><script>alert("XSS")</script>nt
  • Details : It is triggered at page loading
    example : http://{url}/cms/site/sites.html/cont"><script>alert("XSS")</script>nt
  • Privileges: It requires admin privileges consult vulnerable pages.
  • Location example: http://{url}/cms/site/sites.html/content
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment