12 matches found
EUVD-2020-12753
Malware in sbrugna...
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...
Apache Sling CMS Cross-Site Scripting Vulnerability
Apache Sling CMS is a content management system (CMS) from the Apache Foundation (USA). A cross-site scripting vulnerability exists in Apache Sling CMS version 1.1.0 and prior versions, which stems from incorrect neutralization of inputs during web page generation, and could allow an authenticated,...
CVE-2022-43670 XSS in Sling CMS Reference App Taxonomy Path
An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature...
CVE-2022-43670 XSS in Sling CMS Reference App Taxonomy Path
An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature...
org.apache.sling:org.apache.sling.cms.reference (>=0.16.0 <=1.1.0) potentially affected by CVE-2021-44549 via org.apache.sling:org.apache.sling.commons.messaging.mail (=1.0.0)
org.apache.sling:org.apache.sling.commons.messaging.mail MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sling:org.apache.sling.commons.messaging.mail and may be impacted: - org.apache.sling:org.apache.sling.cms.referenc...
Apache Sling CMS Cross-Site Scripting Vulnerability
Apache Sling CMS is an intuitive, full-featured content management system. A reflected cross-site scripting vulnerability exists in Apache Sling CMS versions prior to 0.16.0. The vulnerability stems from a script in Sling CMS that does not escape the URL's Sling Selector when generating navigatio...
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...
Cross site scripting
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...
CVE-2020-1949
CVE-2020-1949 affects Sling CMS versions before 0.16.0. The root cause is improper escaping of the Sling Selector in URLs when generating navigation elements in the administrative console, enabling reflected XSS. Exploitation details or in-the-wild data are not provided in the supplied documents....
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks...