Apache Software Foundation Apache Sling App CMS vulnerabilities

3 known vulnerabilities affecting apache_software_foundation/apache_sling_app_cms.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3

Vulnerabilities

CVE-2023-22849 | MEDIUM | CVSS 6.1 | fixed in 1.1.6 | 2023-02-04
CWE-79: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6
Sources: cvelistv5, nvd

CVE-2022-46769 | MEDIUM | CVSS 5.4 | fixed in 1.1.4 | 2023-01-09
CWE-79: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
Sources: cvelistv5, nvd

CVE-2022-43670 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.1.2 | 2022-11-02
CWE-79: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature.
Sources: cvelistv5, nvd