Headline

GHSA-38m2-vr6g-8c94: Apache Sling App CMS vulnerable to reflected Cross-site Scripting

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

1 year ago

ghsa

Open in Source

#xss #vulnerability #web #apache #git #auth

Apache Sling App CMS vulnerable to reflected Cross-site Scripting

Moderate severity GitHub Reviewed Published Jan 9, 2023 • Updated Jan 9, 2023

Related news

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

1 year ago

CVE

Open in Source

#xss #vulnerability #web #dos #apache #git #auth