CVE-2022-43670 - Vulnerability Details - OpenCVE

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00349.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Sling App CMS

affected

Version	Status	Constraints
`unspecified`	affected	< 1.1.2

Configuration 1 [-]

cpe:2.3:a:apache:sling_cms:*:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors	Products
Apache Subscribe	Sling Cms Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-7374	An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
Github GHSA	GHSA-jj93-4jr5-x45h	Apache Sling App CMS vulnerable to Cross-site Scripting

Fixes

Solution

No solution given by the vendor.

Workaround

Upgrade to Apache Sling App CMS >= 1.1.2

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/11/02/8
https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs

History

Fri, 02 May 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-11-02T00:00:00.000Z

Updated: 2025-05-02T20:28:50.391Z

Reserved: 2022-10-22T00:00:00.000Z

Link: CVE-2022-43670

Vulnrichment

Updated: 2024-08-03T13:40:05.707Z

NVD

Status : Modified

Published: 2022-11-02T13:15:19.997

Modified: 2025-05-02T21:15:22.990

Link: CVE-2022-43670

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43670", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2025-05-02T20:28:50.391Z", "dateReserved": "2022-10-22T00:00:00.000Z", "datePublished": "2022-11-02T00:00:00.000Z"}, "containers": {"cna": {"title": "XSS in Sling CMS Reference App Taxonomy Path", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-11-02T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Sling App CMS", "versions": [{"version": "unspecified", "lessThan": "1.1.2", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"}, {"name": "[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/8"}], "credits": [{"lang": "en", "value": "Apache Sling would like to thank QSec-Team for reporting this issue"}], "metrics": [{"other": {"type": "unknown", "content": {"other": "low"}}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["SLING-11622"], "discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "value": "Upgrade to Apache Sling App CMS >= 1.1.2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:05.707Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/8"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T20:28:24.725346Z", "id": "CVE-2022-43670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T20:28:50.391Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/8", "name": "[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:05.707Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-43670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T20:28:24.725346Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T20:28:45.946Z"}}], "cna": {"title": "XSS in Sling CMS Reference App Taxonomy Path", "source": {"defect": ["SLING-11622"], "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Apache Sling would like to thank QSec-Team for reporting this issue"}], "metrics": [{"other": {"type": "unknown", "content": {"other": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Sling App CMS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.1.2", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/02/8", "name": "[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path", "tags": ["mailing-list"]}], "workarounds": [{"lang": "en", "value": "Upgrade to Apache Sling App CMS >= 1.1.2"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-11-02T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43670", "state": "PUBLISHED", "dateUpdated": "2025-05-02T20:28:50.391Z", "dateReserved": "2022-10-22T00:00:00.000Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-11-02T00:00:00.000Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:sling_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B968DC-A761-4A1B-8583-C0171C42BD21", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web ('Cross-site Scripting') vulnerabilidad [CWE-79] en Sling App CMS versi\u00f3n 1.1.0 y anteriores puede permitir que un atacante remoto autenticado realice un ataque de Cross-Site Scripting (XSS) Reflejado en la funci\u00f3n de gesti\u00f3n de taxonom\u00eda."}], "id": "CVE-2022-43670", "lastModified": "2025-05-02T21:15:22.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-02T13:15:19.997", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/8"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@apache.org", "type": "Secondary"}]}