
CVE-2023-22849 – Apache Sling App CMS: XSS in CMS Reference / UI Components
https://notcve.org/view.php?id=CVE-2023-22849
04 Feb 2023 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-46769 – Apache Sling App CMS: XSS in CMS Site Group Detail
https://notcve.org/view.php?id=CVE-2022-46769
09 Jan 2023 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-43670 – XSS in Sling CMS Reference App Taxonomy Path
https://notcve.org/view.php?id=CVE-2022-43670
02 Nov 2022 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature. • http://www.openwall.com/lists/oss-security/2022/11/02/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-1949
https://notcve.org/view.php?id=CVE-2020-1949
01 Apr 2020 — Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. • https://s.apache.org/CVE-2020-1949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')