GHSA-rghh-ghf7-7943: Sling App CMS Cross-site Scripting vulnerability

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6.

Moderate severity • GitHub Reviewed • Published Feb 4, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

Package

org.apache.sling:org.apache.sling.cms (Maven)

Affected versions

< 1.1.6

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-22849
  • https://sling.apache.org/news.html

Published to the GitHub Advisory Database

Feb 4, 2023

Published by the National Vulnerability Database

Feb 4, 2023
