cvelist / Apache / CVELIST:CVE-2023-22849
History: Feb 04, 2023 - 8:37 p.m.

CVE-2023-22849 Apache Sling App CMS: XSS in CMS Reference / UI Components

2023-02-04 20:37:05
CWE-79
apache
www.cve.org
apache sling app
xss
cms
upgrade
cwe-79

EPSS: 0.002 (Low)
Percentile: 61.0%

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features.

Upgrade to Apache Sling App CMS >= 1.1.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Sling App CMS",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
