Filtered by vendor Apache
Subscriptions
Filtered by product Sling Cms
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1949 | 1 Apache | 1 Sling Cms | 2024-08-04 | 6.1 Medium |
| Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. | ||||
| CVE-2022-46769 | 1 Apache | 1 Sling Cms | 2024-08-03 | 5.4 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 | ||||
| CVE-2022-43670 | 1 Apache | 1 Sling Cms | 2024-08-03 | 5.4 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. | ||||
| CVE-2023-22849 | 1 Apache | 1 Sling Cms | 2024-08-02 | 6.1 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 | ||||
Page 1 of 1.