4 matches found
CVE-2022-45064
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...
com.day.cq.collab:cq-collab-blog (=5.3.0), com.day.cq.wcm:cq-wcm-api (>=5.2.26 <=5.3.0) +19 more potentially affected by CVE-2022-45064 via org.apache.sling:org.apache.sling.engine (>=2.0.2-incubator <=2.10.2)
org.apache.sling:org.apache.sling.engine MAVEN version =2.0.2-incubator, =5.2.26, =5.2.30, =5.2.14, =5.0.0, =5.0.0, =5.4.0, =5.0.0, =5.5.8 - com.day.cq:cq-security =5.2.36 - com.day.cq:cq-tagging =5.0.0 - org.apache.sling.samples:org.apache.sling.samples.simple-demo =2.0.2-incubator and more Sour...
CVE-2022-45064
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...
CVE-2022-45064
CVE-2022-45064 describes an XSS vulnerability in the SlingRequestDispatcher within Apache Sling, caused by an incorrect implementation of the RequestDispatcher API that allows include-based XSS when an attacker can include a resource with a controllable content-type and include path. The impact i...