Vulnerabilities > Apache > Sling CMS > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-02-04 | CVE-2023-22849 | Unspecified vulnerability in Apache Sling CMS | 6.1
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6.
network, low complexity, apache

2023-01-09 | CVE-2022-46769 | Unspecified vulnerability in Apache Sling CMS | 5.4
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4.
network, low complexity, apache

2022-11-02 | CVE-2022-43670 | Unspecified vulnerability in Apache Sling CMS | 5.4
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the taxonomy management feature.
network, low complexity, apache

2020-04-01 | CVE-2020-1949 | Cross-site Scripting vulnerability in Apache Sling CMS | 6.1
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
network, low complexity, apache, CWE-79