Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-38m2-vr6g-8c94: Apache Sling App CMS vulnerable to reflected Cross-site Scripting

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

ghsa
Open in Source
#xss#vulnerability#web#apache#git#auth

Apache Sling App CMS vulnerable to reflected Cross-site Scripting

Moderate severity GitHub Reviewed Published Jan 9, 2023 • Updated Jan 9, 2023

Related news

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters
ghsa