Lucene search
K
ApacheSling Cms

4 matches found

CVE
CVE
added 2022/11/02 12:0 a.m.72 views

CVE-2022-43670

CVE-2022-43670 affects Sling App CMS versions up to 1.1.0 and earlier. The issue is a reflected cross-site scripting (XSS) vulnerability in the taxonomy management feature caused by improper neutralization of input during web page generation. The CVE details indicate an authenticated remote attac...

5.4CVSS5.2AI score0.01385EPSS
CVE
CVE
added 2023/01/09 10:14 a.m.70 views

CVE-2022-46769

CVE-2022-46769 describes an improper neutralization of input during web page generation (CWE-79) leading to a reflected Cross-site Scripting (XSS) vulnerability in Sling App CMS version 1.1.2 and earlier. The issue permits an authenticated remote attacker to perform a reflected XSS attack via the...

5.4CVSS5.2AI score0.01382EPSS
CVE
CVE
added 2023/02/04 8:37 p.m.70 views

CVE-2023-22849

The CVE-2023-22849 issue is a Cross-Site Scripting (XSS) vulnerability in Sling App CMS versions 1.1.4 and earlier, caused by improper input neutralization during web page generation. An authenticated remote attacker can perform a reflected XSS in multiple UI features. Remediation is to upgrade t...

6.1CVSS6AI score0.01445EPSS
CVE
CVE
added 2020/04/01 6:25 p.m.54 views

CVE-2020-1949

CVE-2020-1949 affects Sling CMS versions before 0.16.0. The root cause is improper escaping of the Sling Selector in URLs when generating navigation elements in the administrative console, enabling reflected XSS. Exploitation details or in-the-wild data are not provided in the supplied documents....

6.1CVSS6AI score0.01965EPSS