CVE-2023-22849
published 2023-02-04CVE-2023-22849: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features.
Upgrade to Apache Sling App CMS >= 1.1.6
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | sling_cms | < 1.1.6 | 1.1.6 |
| apache_software_foundation | apache_sling_app_cms | < 1.1.6 | 1.1.6 |