2 matches found
CVE-2023-22849
An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting XSS attack in multiple features. Upgrade to Apache Sling App C...
CVE-2023-22849
The CVE-2023-22849 issue is a Cross-Site Scripting (XSS) vulnerability in Sling App CMS versions 1.1.4 and earlier, caused by improper input neutralization during web page generation. An authenticated remote attacker can perform a reflected XSS in multiple UI features. Remediation is to upgrade t...