Apache Sling - CMS UI is vulnerable to cross-site scripting. The vulnerability exists due to improper neutralization, allowing an attacker to inject and execute malicious HTML and script code through the taxonomy management feature.
CPE | Name | Operator | Version |
---|---|---|---|
apache sling - cms ui | le | 1.1.0 | |
apache sling - cms ui | le | 1.1.0 |
www.openwall.com/lists/oss-security/2022/11/02/8
github.com/advisories/GHSA-jj93-4jr5-x45h
github.com/apache/sling-org-apache-sling-app-cms/commit/3475697e7a0556fdf0dc6dad1ff5d2a0c0a03e24
issues.apache.org/jira/browse/SLING-11622
lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs
www.openwall.com/lists/oss-security/2022/11/02/8