CVE-2023-22849 – Apache Sling App CMS: XSS in CMS Reference / UI Components
https://notcve.org/view.php?id=CVE-2023-22849
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6. • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46769 – Apache Sling App CMS: XSS in CMS Site Group Detail
https://notcve.org/view.php?id=CVE-2022-46769
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4. • https://sling.apache.org/news.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43670 – XSS in Sling CMS Reference App Taxonomy Path
https://notcve.org/view.php?id=CVE-2022-43670
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature. • http://www.openwall.com/lists/oss-security/2022/11/02/8 • https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1949
https://notcve.org/view.php?id=CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. • https://s.apache.org/CVE-2020-1949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')