Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-38m2-vr6g-8c94

Опубликовано: 09 янв. 2023
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Apache Sling App CMS vulnerable to reflected Cross-site Scripting

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

Ссылки

Пакеты

Наименование

org.apache.sling:org.apache.sling.cms

maven
Затронутые версииВерсия исправления

< 1.1.4

1.1.4

EPSS

Процентиль: 58%
0.00362
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-46769

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2022-46769

CVSS3: 5.4
nvd
около 3 лет назад

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

EPSS

Процентиль: 58%
0.00362
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-46769

Дефекты

CWE-79