Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-45064
HistoryApr 13, 2023 - 11:15 a.m.

Cross site scripting

2023-04-1311:15:00
PRIOn knowledge base
www.prio-n.com
4
slingrequestdispatcher
requestdispatcher api
cross-site scripting
apache sling level
privilege escalation
administrative power
content-type overrides

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.3%

JSON

The SlingRequestDispatcher doesn’t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.

Please update to Apache Sling Engine >= 2.14.0 and enable the “Check Content-Type overrides” configuration option.

CPENameOperatorVersion
slinglt2.14.0

Related

cve 1
osv 2
veracode 1
github 1
nvd 1
cvelist 1
cve
cve
CVE-2022-45064
2023-04-13 11:15:06
osv
osv
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
2023-04-13 12:30:35
CVE-2022-45064
2023-04-13 11:15:06
veracode
veracode
Privilege Escalation
2023-04-19 07:15:46
github
github
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
2023-04-13 12:30:35
nvd
nvd
CVE-2022-45064
2023-04-13 11:15:06
cvelist
cvelist
CVE-2022-45064 Apache Sling Engine: Include-based XSS
2023-04-13 10:01:14

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.3%

JSON
Related for PRION:CVE-2022-45064
cve1osv2veracode1github1nvd1cvelist1