Описание
Sling App CMS Cross-site Scripting vulnerability
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6
Пакеты
Наименование
org.apache.sling:org.apache.sling.cms
maven
Затронутые версииВерсия исправления
< 1.1.6
1.1.6
Связанные уязвимости
CVSS3: 6.1
nvd
около 3 лет назад
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6