Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rghh-ghf7-7943: Sling App CMS Cross-site Scripting vulnerability

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

1 year ago

#xss #vulnerability #web #apache #git #java #auth #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-22849

Sling App CMS Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Feb 4, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

Package

maven org.apache.sling:org.apache.sling.cms (Maven)

Affected versions

< 1.1.6

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

References

https://nvd.nist.gov/vuln/detail/CVE-2023-22849
https://sling.apache.org/news.html

Published to the GitHub Advisory Database

Feb 4, 2023

Published by the National Vulnerability Database

Feb 4, 2023

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 day ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 day ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 day ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

1 day ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

1 day ago