Headline
GHSA-38m2-vr6g-8c94: Apache Sling App CMS vulnerable to reflected Cross-site Scripting
An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
Moderate severity GitHub Reviewed Published Jan 9, 2023 • Updated Jan 9, 2023
Related news
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4