Headline

GHSA-jj93-4jr5-x45h: Apache Sling App CMS vulnerable to Cross-site Scripting

A Cross-site Scripting vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

2 years ago

ghsa

Open in Source

#xss #vulnerability #apache #git #auth

Apache Sling App CMS vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Nov 2, 2022 • Updated Nov 3, 2022

Related news

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

1 year ago

CVE

Open in Source

#xss #vulnerability #web #dos #apache #git #auth

CVE-2022-43670

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #auth