Lucene search
Veracode Vulnerability DatabaseVERACODE:37790HistoryNov 03, 2022 - 5:39 a.m.
Cross-Site Scripting (XSS)
2022-11-0305:39:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
apache sling
cms ui
xss
vulnerability
html injection
script code
taxonomy management
0.001 Low
EPSS
Percentile
30.3%
Apache Sling - CMS UI is vulnerable to cross-site scripting. The vulnerability exists due to improper neutralization, allowing an attacker to inject and execute malicious HTML and script code through the taxonomy management feature.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache sling - cms ui | le | 1.1.0 | |
| apache sling - cms ui | le | 1.1.0 |
References
www.openwall.com/lists/oss-security/2022/11/02/8
github.com/advisories/GHSA-jj93-4jr5-x45h
github.com/apache/sling-org-apache-sling-app-cms/commit/3475697e7a0556fdf0dc6dad1ff5d2a0c0a03e24
issues.apache.org/jira/browse/SLING-11622
lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs
www.openwall.com/lists/oss-security/2022/11/02/8
Related
osv
osv
Apache Sling App CMS vulnerable to Cross-site Scripting
2022-11-02 19:00:31
CVE-2022-43670
2022-11-02 13:15:19
cve
cve
CVE-2022-43670
2022-11-02 13:15:19
nvd
nvd
CVE-2022-43670
2022-11-02 13:15:19
github
github
Apache Sling App CMS vulnerable to Cross-site Scripting
2022-11-02 19:00:31
cvelist
cvelist
CVE-2022-43670 XSS in Sling CMS Reference App Taxonomy Path
2022-11-02 00:00:00
prion
prion
Cross site scripting
2022-11-02 13:15:00