org.apache.sling.cms.ui is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly encode the resource.path
variable before being rendered, allowing an attacker to inject and execute malicious JavaScript through the site group feature.
CPE | Name | Operator | Version |
---|---|---|---|
apache sling - cms ui | le | 1.1.2 | |
apache sling - cms ui | le | 1.1.2 |