Versions of Sling CMS prior to 0.16.0 do not correctly escape the Sling Selector in the URLs generated for navigational elements in the administrative consoles. This vulnerability exposes those versions to potential reflected cross-site scripting (XSS) attacks.
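The escaping gap described above, shown as an added Java example that is not Sling CMS code: it models a request path as `resource.selectors.html` and builds a navigation link once with the selector copied verbatim and once with it encoded. The class and method names, the `/example/page` path and the sample selector are assumptions constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added illustration, not Sling CMS source. Simplified model of a Sling
// request path: <resource>.<selector>[.<selector>...].<extension>
public class SelectorNavLink {

    // Selector string = text between the first and last dot of the final segment.
    static String selectorString(String requestPath) {
        String last = requestPath.substring(requestPath.lastIndexOf('/') + 1);
        int first = last.indexOf('.');
        int end = last.lastIndexOf('.');
        return first >= 0 && end > first ? last.substring(first + 1, end) : "";
    }

    // Minimal HTML attribute encoder; '&' is replaced first to avoid double encoding.
    static String encodeForHtmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Unsafe pattern: the request-controlled selector is echoed into the href as-is.
    static String navLinkUnescaped(String resource, String selectors) {
        return "<a href=\"" + resource + "." + selectors + ".html\">Next</a>";
    }

    // Hardened pattern: percent-encode each selector, then attribute-encode the URL.
    // URLEncoder applies form encoding, which is sufficient for this demonstration.
    static String navLinkEscaped(String resource, String selectors) {
        StringBuilder url = new StringBuilder(resource);
        for (String sel : selectors.split("\\.")) {
            if (!sel.isEmpty()) {
                url.append('.').append(URLEncoder.encode(sel, StandardCharsets.UTF_8));
            }
        }
        url.append(".html");
        return "<a href=\"" + encodeForHtmlAttr(url.toString()) + "\">Next</a>";
    }

    public static void main(String[] args) {
        String resource = "/example/page";                       // hypothetical path
        String requestPath = resource + ".list\"><b>.html";      // constructed sample
        String selectors = selectorString(requestPath);
        System.out.println("selector:  " + selectors);
        System.out.println("unescaped: " + navLinkUnescaped(resource, selectors));
        System.out.println("escaped:   " + navLinkEscaped(resource, selectors));
    }
}
```

In the unescaped link the quote inside the selector ends the `href` attribute early, so the rest of the selector is parsed as markup; in the escaped link the same characters stay inside the attribute as percent-encoded URL data.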