3 matches found
CVE-2023-22849
The CVE-2023-22849 issue is a Cross-Site Scripting (XSS) vulnerability in Sling App CMS versions 1.1.4 and earlier, caused by improper input neutralization during web page generation. An authenticated remote attacker can perform a reflected XSS in multiple UI features. Remediation is to upgrade t...
CVE-2022-46769
CVE-2022-46769 describes an improper neutralization of input during web page generation (CWE-79) leading to a reflected Cross-site Scripting (XSS) vulnerability in Sling App CMS version 1.1.2 and earlier. The issue permits an authenticated remote attacker to perform a reflected XSS attack via the...
CVE-2020-1949
CVE-2020-1949 affects Sling CMS versions before 0.16.0. The root cause is improper escaping of the Sling Selector in URLs when generating navigation elements in the administrative console, enabling reflected XSS. Exploitation details or in-the-wild data are not provided in the supplied documents....