Lucene search
ApacheCVELIST:CVE-2022-46769HistoryJan 09, 2023 - 10:14 a.m.
CVE-2022-46769 Apache Sling App CMS: XSS in CMS Site Group Detail
2023-01-0910:14:56
CWE-79
apache
www.cve.org
cve-2022-46769
apache sling app cms
xss
cms site group
upgrade
0.001 Low
EPSS
Percentile
38.4%
An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.
Upgrade to Apache Sling App CMS >= 1.1.4
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Sling App CMS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]References
Related
osv
osv
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
2023-01-09 12:30:18
CVE-2022-46769
2023-01-09 11:15:10
cve
cve
CVE-2022-46769
2023-01-09 11:15:10
github
github
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
2023-01-09 12:30:18
prion
prion
Cross site scripting
2023-01-09 11:15:00
veracode
veracode
Cross-site Scripting (XSS)
2023-01-10 02:36:22
nvd
nvd
CVE-2022-46769
2023-01-09 11:15:10