oss-sec mailing list archives
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path
From: Daniel Klco <dklco () apache org>
Date: Wed, 2 Nov 2022 07:50:26 -0400
Severity: low Description: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. This issue is being tracked as SLING-11622 Mitigation: Upgrade to Apache Sling App CMS >= 1.1.2 Credit: Apache Sling would like to thank QSec-Team for reporting this issue
Current thread:
- CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path Daniel Klco (Nov 02)