Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:27 p.m.9 views

CVE-2022-45064

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

9CVSS6.4AI score0.01121EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/04/13 12:30 p.m.4 views

com.day.cq.collab:cq-collab-blog (=5.3.0), com.day.cq.wcm:cq-wcm-api (>=5.2.26 <=5.3.0) +19 more potentially affected by CVE-2022-45064 via org.apache.sling:org.apache.sling.engine (>=2.0.2-incubator <=2.10.2)

org.apache.sling:org.apache.sling.engine MAVEN version =2.0.2-incubator, =5.2.26, =5.2.30, =5.2.14, =5.0.0, =5.0.0, =5.4.0, =5.0.0, =5.5.8 - com.day.cq:cq-security =5.2.36 - com.day.cq:cq-tagging =5.0.0 - org.apache.sling.samples:org.apache.sling.samples.simple-demo =2.0.2-incubator and more Sour...

9CVSS7.7AI score0.01121EPSS
Exploits0
NVD
NVD
added 2023/04/13 11:15 a.m.62 views

CVE-2022-45064

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

9CVSS8AI score0.01121EPSS
Exploits0References2
CVE
CVE
added 2023/04/13 10:1 a.m.66 views

CVE-2022-45064

CVE-2022-45064 describes an XSS vulnerability in the SlingRequestDispatcher within Apache Sling, caused by an incorrect implementation of the RequestDispatcher API that allows include-based XSS when an attacker can include a resource with a controllable content-type and include path. The impact i...

9CVSS8.5AI score0.01121EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder