4 results (0.032 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 Una neutralización inadecuada de la entrada durante la generación de la página web ('Cross-site Scripting') vulnerabilidad [CWE-79] en Sling App CMS versión 1.1.2 y anteriores puede permitir que un atacante remoto autenticado realice un cross-site scripting reflejado (XSS) ataque en la función de grupo de sitios. Actualice a la aplicación CMS Apache Sling >= 1.1.4 • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. Una neutralización inadecuada de la entrada durante la generación de la página web ('Cross-site Scripting') vulnerabilidad [CWE-79] en Sling App CMS versión 1.1.0 y anteriores puede permitir que un atacante remoto autenticado realice un ataque de Cross-Site Scripting (XSS) Reflejado en la función de gestión de taxonomía. • http://www.openwall.com/lists/oss-security/2022/11/02/8 https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. Scripts en Sling CMS versiones anteriores a 0.16.0, no se escapan apropiadamente al Sling Selector a partir de las URL cuando se generan elementos de navegación para las consolas administrativas y son vulnerables a los ataques de tipo XSS reflejados. • https://s.apache.org/CVE-2020-1949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •