org.apache.sling/org.apache.sling.cms

Vulnerabilities (3)

• CVE-2023-22849Feb 4, 2023
  affected < 1.1.6fixed 1.1.6

  An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgra

• CVE-2022-46769Jan 9, 2023
  affected < 1.1.4fixed 1.1.4

  An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.

• CVE-2022-43670Nov 2, 2022
  affected < 1.1.2fixed 1.1.2

  An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management f