Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jj93-4jr5-x45h: Apache Sling App CMS vulnerable to Cross-site Scripting

A Cross-site Scripting vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

ghsa
#xss#vulnerability#apache#git#auth

Apache Sling App CMS vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Nov 2, 2022 • Updated Nov 3, 2022

Related news

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

CVE-2022-43670

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager