CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path

[Daniel Klco <dklco () apache org>]

Severity: low

Description:

An improper neutralization of input during web page generation
('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS
version 1.1.0 and prior may allow an authenticated remote attacker to
perform a reflected cross site scripting (XSS) attack in the taxonomy
management feature.

This issue is being tracked as SLING-11622

Mitigation:

Upgrade to Apache Sling App CMS >= 1.1.2

Credit:

Apache Sling would like to thank QSec-Team for reporting this issue