You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Dan Klco <dk...@apache.org> on 2022/11/02 11:50:30 UTC

CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path

Severity: low

Description:

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. 

This issue is being tracked as SLING-11622

Mitigation:

Upgrade to Apache Sling App CMS >= 1.1.2

Credit:

Apache Sling would like to thank QSec-Team for reporting this issue