An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.
Upgrade to Apache Sling App CMS >= 1.1.4
References
| Link | Resource |
|---|---|
| https://sling.apache.org/news.html | Vendor Advisory |
| https://sling.apache.org/news.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sling.apache.org/news.html - Vendor Advisory |
07 Nov 2023, 03:55
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 |
Information
Published : 2023-01-09 11:15
Updated : 2025-04-09 20:15
NVD link : CVE-2022-46769
Mitre link : CVE-2022-46769
CVE.ORG link : CVE-2022-46769
JSON object : View
Products Affected
apache
- sling_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')