You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Dan Klco <dk...@apache.org> on 2022/11/02 11:50:30 UTC
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path
Severity: low
Description:
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
This issue is being tracked as SLING-11622
Mitigation:
Upgrade to Apache Sling App CMS >= 1.1.2
Credit:
Apache Sling would like to thank QSec-Team for reporting this issue