4 matches found
CVE-2022-43670
CVE-2022-43670 affects Sling App CMS versions 1.1.0 and earlier. The issue is a reflected cross-site scripting (XSS) vulnerability in the taxonomy management feature caused by improper neutralization of input during web page generation. The CVE details indicate an authenticated remote attac...
CVE-2022-46769
CVE-2022-46769 describes an improper neutralization of input during web page generation (CWE-79) leading to a reflected Cross-site Scripting (XSS) vulnerability in Sling App CMS version 1.1.2 and earlier. The issue permits an authenticated remote attacker to perform a reflected XSS attack via the...
CVE-2023-22849
CVE-2023-22849 is a Cross-Site Scripting (XSS) vulnerability in Sling App CMS versions 1.1.4 and earlier, caused by improper input neutralization during web page generation. An authenticated remote attacker can perform a reflected XSS attack in multiple UI features. Remediation is to upgrade t...
CVE-2020-1949
CVE-2020-1949 affects Sling CMS versions before 0.16.0. The root cause is improper escaping of the Sling Selector in URLs when generating navigation elements in the administrative console, enabling reflected XSS. Exploitation details or in-the-wild data are not provided in the supplied documents....