Vulnerabilities
Vulnerable Software
Apache:  >> Sling Cms  >> 0.16.0  Security Vulnerabilities
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6
CVSS Score
6.1
EPSS Score
0.002
Published
2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-09
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-02


Contact Us

Shodan ® - All rights reserved